[Logcheck-devel] Fwd: seamus.madduck.net 2006.07.23.0050 System Events

Todd Troxell ttroxell at debian.org
Wed Jul 26 03:05:27 UTC 2006

On Sun, Jul 23, 2006 at 07:54:59AM +0100, martin f krafft wrote:
> This in today:
> ----- Forwarded message from logcheck at seamus.madduck.net -----
> System Events
> =-=-=-=-=-=-=
> Jul 23 00:45:09 seamus sshd[22983]: Address maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
> ----- End forwarded message -----
> There is a violations.ignore.d rule for these files, shouldn't that
> automatically also filter them at the ignore.d level?
> I am not sure what the answer is, but I thought the above was the
> behaviour. I could not find a bug report about this.
> Since violations.d is a set of escalation filters, it would make
> sense for violations.ignore.d to be a set of de-escalation filters,
> but I don't think this is what the documentation suggests.
> Please advise.

Yes, yes it should.  There was a bug report about this somewhere...   Gah!

To be clear, the violations.ignore.d should filter things are the ignore.d
level.  Currently it does not.

Todd Troxell

More information about the Logcheck-devel mailing list