[Logcheck-users] logcheck.ignore issues

Jamie L. Penman-Smithson lists at silverdream.org
Tue Oct 18 19:43:55 UTC 2005


Hey Patrice,

On Tue, 2005-10-18 at 11:57 -0400, Patrice Seyed wrote:
> I have been successful in the past using the logcheck.ignore file to not
> have logcheck email me on certain log syntax.

If you find messages that should be ignored that are not, you should
file a bug report against the logcheck-database package in the BTS.

> For example:
> ntpd.*: exiting

It's best to avoid overly broad regular expressions like the plague and
make them as specific and targeted as possible. Overly broad regular
expressions in logcheck can lead to security issues.

> My problem is with :
> named*: lame server resolving
> or
> named*: lame server*
> or
> named*:*lame
> 
> in logcheck.ignore

Correct me if I'm wrong, but as far as I can see, logcheck.ignore was
phased out around version 1.1.9. Is there any particular reason why
you're still using such an ancient version of logcheck?

> I still get messages in email looking like:
> 
> > Oct 17 22:00:01 linga named[16014]: lame server resolving
> > '71.11.2.239.in-addr.arpa' (in '239.in-addr.arpa'?): 192.52.71.4#53

The "lame server resolving" messages from BIND can be disabled by using
the appropriate logging statement.

logging {
	[...]
	// send the lame-servers category to the null channel (discarded)
	category lame-servers { null; };
	[...]
};

> If anyone could provide any suggestions or enlighten me in any way as to the
> behaviours of logcheck I would appreciate it.

-j
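
Added example (not part of the original message, and not logcheck's own code): the rules quoted in this thread, applied with `grep -E` as logcheck applies its rule files, against constructed sample lines. The `backupd` line, the `ntpd[812]: exiting` line, the helper names and the anchored rewrites are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample log. Only the first line is quoted from the thread;
# the other two are made up for this example.
sample_log() {
cat <<'EOF'
Oct 17 22:00:01 linga named[16014]: lame server resolving '71.11.2.239.in-addr.arpa' (in '239.in-addr.arpa'?): 192.52.71.4#53
Oct 17 22:00:02 linga ntpd[812]: exiting
Oct 17 22:00:03 linga backupd[901]: job ntpd-config-backup failed: exiting
EOF
}

# Print how many sample lines an ignore rule would suppress.
ignored_count() {
    sample_log | grep -Ec -- "$1" || true
}

# Print the lines that would still be reported with the rule in place.
still_reported() {
    sample_log | grep -Ev -- "$1" || true
}

# Rules as written in the thread. In an extended regex, "named*" means
# "name" followed by zero or more "d", so it never reaches past "[16014]".
GLOB_STYLE='named*: lame server resolving'
BROAD='ntpd.*: exiting'

# Anchored rewrites (assumed syslog layout: date, host, tag[pid]: message).
PREFIX='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+'
NTPD_EXACT="$PREFIX ntpd\[[0-9]+\]: exiting\$"
NAMED_EXACT="$PREFIX named\[[0-9]+\]: lame server resolving "

for rule in "$GLOB_STYLE" "$BROAD" "$NTPD_EXACT" "$NAMED_EXACT"; do
    printf '%s line(s) suppressed by: %s\n' "$(ignored_count "$rule")" "$rule"
done
```

The glob-style rule suppresses nothing, while the broad `ntpd.*: exiting` rule also hides the unrelated `backupd` failure; the anchored forms each suppress exactly one line.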