[Logcheck-users] logcheck alerting for NTP every six hours
Brian C
brianwc at berkeley.edu
Wed Oct 5 16:21:28 UTC 2005
Hi,
I'm running logcheck 1.2.39 on Debian Sarge (stable).
At 9:00am, 3:00pm, 9:00pm and 3:00am each day I get an email alert from
logcheck that looks like this:
System Events
=-=-=-=-=-=-=
Oct 5 09:00:03 [hostname] NTP: Wed 05 Oct 2005 09:00:03 AM PDT
I just discovered logcheck a couple days ago and like it a lot, but
figuring out how to edit the ignore lists in order to get rid of an
alert like this completely escapes me. I don't know anything about regex
and what I've read so far makes my head spin. I also get a long daily
alert from snort that I may want to ignore. Can someone provide a
step-by-step HOWTO on how to go from an alert you don't want to an
edited ignore file that disposes of it (and only it)? Thanks.
Brian
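
An added example, not part of the original post: logcheck's ignore files hold one extended regular expression per line, so a candidate rule can be checked with grep -E before it is installed. The sample log lines, the hostname "myhost" and the exact field layout of the NTP message are constructed assumptions based on the alert quoted above.

```shell
#!/bin/sh
# Constructed rule for the alert quoted above. Assumptions: the message always
# has the shape "NTP: <weekday> <dd> <Mon> <yyyy> <hh:mm:ss> <AM|PM> <TZ>", and
# the real syslog line pads single-digit days with a second space ("Oct  5").
# The rule is anchored with ^ and $ so that only this exact message is ignored.
RULE='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ NTP: [[:alpha:]]{3} [0-9]{2} [[:alpha:]]{3} [0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [AP]M [[:alpha:]]{3,4}$'

# survivors: read log lines on stdin and print those the rule does NOT match,
# i.e. the lines that would still be reported.
survivors() {
    grep -E -v -- "$RULE" || true   # grep exits 1 when nothing is left; not an error here
}

# Constructed sample log: two routine NTP timestamps that should be ignored,
# plus two lines that must still be reported (one of them also tagged "NTP:").
sample_log() {
    cat <<'EOF'
Oct  5 09:00:03 myhost NTP: Wed 05 Oct 2005 09:00:03 AM PDT
Oct  5 15:00:03 myhost NTP: Wed 05 Oct 2005 03:00:03 PM PDT
Oct  5 15:02:11 myhost NTP: clock step of 3600 seconds detected
Oct  5 15:04:40 myhost sshd[2211]: Failed password for root from 192.0.2.7 port 4022 ssh2
EOF
}

# Show what would still be reported once the rule is in place.
sample_log | survivors
```

Once the output contains only lines you still want to see, put the regular expression (the text between the single quotes) on one line of a file in the ignore directory for your report level, for example /etc/logcheck/ignore.d.server/local-ntp (the file name is a hypothetical choice).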