[Logcheck-devel] Fwd: seamus.madduck.net 2006.07.23.0050 System Events
Elmar Hoffmann
debian-logcheck-devel-ml at elho.net
Mon Sep 4 21:54:34 UTC 2006
Hi,
on Wed, Jul 26, 2006 at 21:00:21 -0500, Todd Troxell wrote:
> > Should we declare it a feature and call violations.ignore.d
> > a deescalation filter instead?
>
> The majority of emails I get about logcheck are confused admins wondering why
> a rulefile doesn't work, when it's just because lines are being pulled by
> violations.d.
>
> Eh, it definitely makes things more complicated. The benefit would not be
> great for me, but I tend to read logcheck mails without really caring about
> which level things show up under. I may be a bad judge on this one, but I'd
> like to see it changed. Of course, I'm open to discussion about it.

Yes, I don't care that much about the level either and I think the
reason is that all the stuff, so many harmless failure messages,
anything involving "illegal" or "attack" in the user- or hostname
etc., shows up there.

And with violations.ignore.d completely filtering matches one can't do
anything about it - making them deescalation filters would allow this
and better the situation.

Given that it would make things more tedious as one would have to have
rules twice (in ignore.d.* and violations.ignore.d (and keep them in
sync)), I wonder whether it would make sense to do away with the overly
broad rules in violations.d.

elmar
--
.'"`. /"\
| :' : Elmar Hoffmann <elho at elho.net> ASCII Ribbon Campaign \ /
`. `' GPG key available via pgp.net against HTML email X
`- & vCards / \
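
The two behaviours discussed in this message, modelled side by side as an added example (not logcheck's own code and not part of the original mail). The rule patterns and log lines are constructed for illustration, and the layering follows only what the thread describes.

```python
import re

# Constructed rule sets (hypothetical patterns, not logcheck's shipped rules).
VIOLATIONS = [r"(?i)attack", r"(?i)illegal", r"(?i)failed"]   # broad violations.d
VIOLATIONS_IGNORE = [                                         # violations.ignore.d
    r"sshd\[\d+\]: Illegal user \S+ from ",
    r"postfix/smtpd\[\d+\]: connect from ",
]
IGNORE = [                                                    # ignore.d.*
    r"sshd\[\d+\]: Failed password for \S+ from ",
    r"postfix/smtpd\[\d+\]: connect from ",
    r"CRON\[\d+\]: ",
]

# Constructed sample log lines.
SAMPLE = [
    "sshd[2101]: Failed password for root from 192.0.2.7 port 4022 ssh2",
    "sshd[2102]: Illegal user test from 192.0.2.7",
    "postfix/smtpd[311]: connect from attack.example.org[198.51.100.9]",
    "CRON[900]: (root) CMD (run-parts /etc/cron.hourly)",
    "kernel: eth0: link up",
]


def _hit(rules, line):
    return any(re.search(rule, line) for rule in rules)


def classify(line, deescalate=False):
    """Return 'security', 'system' or 'dropped' for one log line."""
    if _hit(VIOLATIONS, line):
        if not _hit(VIOLATIONS_IGNORE, line):
            # Pulled by violations.d: an ignore.d rule never gets a say.
            return "security"
        if not deescalate:
            # Behaviour described in the thread: the match is filtered completely.
            return "dropped"
        # Proposed behaviour: de-escalate and fall through to the ignore.d layer.
    return "dropped" if _hit(IGNORE, line) else "system"


def report(lines, deescalate=False):
    return [classify(line, deescalate) for line in lines]


if __name__ == "__main__":
    for line, now, proposed in zip(SAMPLE, report(SAMPLE), report(SAMPLE, True)):
        print(f"{now:9} {proposed:9} {line}")
```

The first line stays a security event although ignore.d has a rule for it, the second reappears as a system event under de-escalation, and the third stays silent only because its rule exists in both directories.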