[Logcheck-devel] Re: dh_installlogcheck (was: Re: Bug#350301: postgrey: logcheck file named incorrectly)

[Joey Hess]

Paul Traina:
> I agree, I'm no logcheck expert, but if it behaves according to the
> manpage, it doesn't take into account the way logcheck handles violations
> and their corresponding ignores anymore.
> 
> As I think I understand it (feel free to correct me), if a package wants
> to register security violation regexps, those should go in:
> 
>        /etc/logcheck/violations.d/<packagename>
> 
> and ignore strings for THOSE, and only THOSE, regexps should go in:
> 
>         /etc/logcheck/violations.ignore.d/<packagename>
> 
> The problem here is that logcheck-database includes a bunch of generic
> regexps as well, in the file
> 
>        /etc/logcheck/violations.d/logcheck
> 
> which many packages trigger as false violations.  Those packages, if
> well behaved, are responsible for installing a file:
> 
>         /etc/logcheck/violations.ignore.d/logcheck-<packagename>

I can't find anything in the logcheck docs about installing a
logcheck-<packagename> file to override the generic violation regexps.
README.Maintainer says:

	If during the normal operation of your package it produces syslog
	messages that are included by /etc/logcheck/violations.d/logcheck
	you can also include the following rulefile 

	 - /etc/logcheck/violations.ignore.d/<packagename>

	so that they will be ignored.

In fact, all the violations.ignore.d/logcheck-<packagename> files in all
of Debian seem to be included in the logcheck-database package itself.

So this bug report seems wrong or now outdated, and I'm closing it. Please
let me know if I missed something.

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20070121/e609dcbf/attachment.pgp