[Logcheck-devel] logcheck needs help

martin f krafft madduck at debian.org
Sun Mar 16 11:08:22 UTC 2008 

also sprach Frédéric Brière <fbriere at fbriere.net> [2008.03.15.2030 +0100]:
> Maybe it's time to raise, as you once did yourself, the proposal
> of moving rules back into their respective packages.

It won't happen. The other maintainers don't care, at large.

> So, what would you think about testing the waters by contacting
> a small sample of maintainers, and tentatively passing the baton
> for a few packages at first?

I am fine with you trying it. It'll have to be small steps anyway.

> * Given the recent emptying of violations.d/logcheck, do we agree that
>   violation-level messages will henceforth be triggered and handled by
>   individual packages only?  (IOW, maintainters don't have to worry
>   about filtering violations from other packages, including logcheck.)

Sounds good.

> * Shouldn't we do some cleanup on rules before passing them on?
> There are many discrepancies in there (ie. [[:digit:]] vs. [0-9]),
> and I'd bet that 90% of address patterns won't match IPv6.  Trying
> to fix those after they have been scattered will likely be
> painful.

Instead of doing a cleanup, we ought to implement a macro system so
that I can just say %IP% when I want to match an IP. I've written
some mockup code for this and if you want, you could integrate it
into logcheck.

> * There should ideally be a central reference point for
> maintainers, with documentation on both syntax (how to write good
> rules) and semantics (where to put them), as well as how to manage
> the transfer from logcheck to their package, where to ask for
> help, etc.

I can set up ikiwiki for logcheck.org in a few minutes, if you think
it would profit of that. Right now, logcheck.org has some HTML and
there is also a wiki, and I find that somewhat suboptimal (and hate
the moin wiki...)

-- 
 .''`.   martin f. krafft <madduck at debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
 
"no woman should ever be quite accurate about her age.
 it looks so calculating."
                                                        -- oscar wilde
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/)
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080316/97a64f0d/attachment.pgp

More information about the Logcheck-devel mailing list