[Logcheck-users] Suppressing this CD-ROM message?

[Frédéric Brière]

Adam Funk <a24061 at ducksburg.com> wrote:
> I have a file named '/etc/logcheck/custom-ignore' that is symlinked
> into all the other '/etc/logcheck/*ignore*' directories.  Most of the
> time I can suppress an unwanted message by adding it to that "master
> file", but sometimes it doesn't work and I have to make a special file
> for it.  Why?

Security alert/event filters must have a filename matching the one which
triggered the message.  This is (somewhat cryptically) explained in
README.logcheck-database.gz.

Word to the wise: use local or local-* for all your local rules.  Not
only will they be applied to all messages, but you will also avoid any
possible filename conflict.


-- 
Absolutely nothing should be concluded from these figures except that
no conclusion can be drawn from them.
		-- Joseph L. Brothers, Linux/PowerPC Project)