[Logcheck-devel] logcheck needs help
Russ Allbery
rra at debian.org
Sun Mar 16 18:29:03 UTC 2008
martin f krafft <madduck at debian.org> writes:
> also sprach Frédéric Brière <fbriere at fbriere.net> [2008.03.15.2030 +0100]:
>> Maybe it's time to raise, as you once did yourself, the proposal
>> of moving rules back into their respective packages.
> It won't happen. The other maintainers don't care, at large.
It would have to become a Policy requirement. I think the idea of having
each package install patterns marking which syslog messages they normally
produce is a great idea and is something that would benefit any log
scanning program, not just logcheck. So personally I'd be fine with it
being a Policy requirement, given how much it helps with log auditing.
But I'm not sure you'd be able to get people to generally agree.
>> So, what would you think about testing the waters by contacting a small
>> sample of maintainers, and tentatively passing the baton for a few
>> packages at first?
> I am fine with you trying it. It'll have to be small steps anyway.
I'd be willing to take over logcheck rules for my packages. It may make
bug reporting more difficult for the end user, though, since they have to
figure out which package provides the logs instead of just reporting
against logcheck-database. That's one of the problems with having a mixed
environment where logcheck-database provides most rules but some are
provided by other packages.
> Instead of doing a cleanup, we ought to implement a macro system so that
> I can just say %IP% when I want to match an IP. I've written some mockup
> code for this and if you want, you could integrate it into logcheck.
That would be fantastic.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Logcheck-devel
mailing list