[Logcheck-devel] Fwd: seamus.madduck.net 2006.07.23.0050 System Events
ttroxell at debian.org
Wed Jul 26 03:05:27 UTC 2006
On Sun, Jul 23, 2006 at 07:54:59AM +0100, martin f krafft wrote:
> This in today:
> ----- Forwarded message from logcheck at seamus.madduck.net -----
> System Events
> Jul 23 00:45:09 seamus sshd: Address 184.108.40.206 maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
> ----- End forwarded message -----
> There is a violations.ignore.d rule for these files, shouldn't that
> automatically also filter them at the ignore.d level?
> I am not sure what the answer is, but I thought the above was the
> behaviour. I could not find a bug report about this.
> Since violations.d is a set of escalation filters, it would make
> sense for violations.ignore.d to be a set of de-escalation filters,
> but I don't think this is what the documentation suggests.
> Please advise.
Yes, yes it should. There was a bug report about this somewhere... Gah!
To be clear, the violations.ignore.d should filter things at the ignore.d
level. Currently it does not.
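
A simplified model of the layering discussed in this thread, added here as an illustration: it is not logcheck's own code, and the rule patterns, the second and third sample lines, and the `deescalation_also_ignores` switch are assumptions made for the example. It shows the forwarded line matching a violations.ignore.d rule yet still landing in System Events, and being dropped once violations.ignore.d is also consulted at the ignore.d level.

```python
import re

# Constructed rule sets for illustration; these are not logcheck's shipped rules.
RULES = {
    "violations.d": [r"POSSIBLE BREAK-IN ATTEMPT"],
    "violations.ignore.d": [
        r"sshd(\[\d+\])?: Address [0-9.]+ maps to \S+, "
        r"but this does not map back to the address"
    ],
    "ignore.d": [r"sshd(\[\d+\])?: Connection closed by [0-9.]+"],
}

# First line is the one forwarded in the thread; the other two are constructed.
PAGE_LINE = ("Jul 23 00:45:09 seamus sshd: Address 184.108.40.206 maps to "
             "admin.trumedia.com, but this does not map back to the address "
             "- POSSIBLE BREAK-IN ATTEMPT!")
CLOSED_LINE = "Jul 23 00:46:01 seamus sshd[4242]: Connection closed by 192.0.2.10"
OTHER_ATTEMPT = ("Jul 23 00:47:12 seamus sshd[4243]: reverse mapping checking "
                 "failed - POSSIBLE BREAK-IN ATTEMPT!")


def matches(line, rule_dir):
    """True if any pattern in the named rule directory matches the line."""
    return any(re.search(p, line) for p in RULES[rule_dir])


def classify(line, deescalation_also_ignores):
    """Return 'Security Events', 'System Events', or None when filtered out."""
    # Escalation layer: violations.d raises, violations.ignore.d lowers again.
    if matches(line, "violations.d") and not matches(line, "violations.ignore.d"):
        return "Security Events"
    # System-event layer: ignore.d always applies here.
    if matches(line, "ignore.d"):
        return None
    # Behaviour asked for in the thread: de-escalation rules also filter here.
    if deescalation_also_ignores and matches(line, "violations.ignore.d"):
        return None
    return "System Events"


def report(lines, deescalation_also_ignores):
    """Group the lines that survive filtering under their report heading."""
    out = {"Security Events": [], "System Events": []}
    for line in lines:
        heading = classify(line, deescalation_also_ignores)
        if heading:
            out[heading].append(line)
    return out
```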