[Logcheck-devel] Bug#542663: logcheck: /etc/cron.d/logcheck runs too often (now every 2 hours)
Jari Aalto
jari.aalto at cante.net
Fri Aug 21 16:01:00 UTC 2009
Frédéric Brière <fbriere at fbriere.net> writes:
> Actually, it is every hour (at x:02). But if logcheck is sending you
> crap every hour, you need better rules, not a lazier schedule. That'd
> be like unplugging your smoke detector instead of moving it further from
> the kitchen.
If logcheck is installed on NN (where NN is a two-digit number) Debian
servers, those messages pile up pretty quickly.

We must also keep in mind the extra burden that logcheck puts on the
system when it scans logs with heavy regular expressions.

It is reasonable to expect that a "server" installation ships with
defaults that are sane and not extreme (any less than 12h is in my book
extreme). Getting reports at 24h intervals is quite enough to act on
during work-day 8.00-17.00 hours.

To put things in perspective, it can be argued that messages from IDS
systems or smartmond are much more important than logcheck's; and they do
come when an error is detected.

Please ship with 24h, which would be a more appropriate and expected
default.

Jari