[Logcheck-users] Suppressing this CD-ROM message?
Frédéric Brière
fbriere at fbriere.net
Thu Aug 13 18:42:29 UTC 2009
Adam Funk <a24061 at ducksburg.com> wrote:
> I have a file named '/etc/logcheck/custom-ignore' that is symlinked
> into all the other '/etc/logcheck/*ignore*' directories. Most of the
> time I can suppress an unwanted message by adding it to that "master
> file", but sometimes it doesn't work and I have to make a special file
> for it. Why?
Security alert/event filters must have a filename matching the one which
triggered the message. This is (somewhat cryptically) explained in
README.logcheck-database.gz.
Word to the wise: use local or local-* for all your local rules. Not
only will they be applied to all messages, but you will also avoid any
possible filename conflict.
--
Absolutely nothing should be concluded from these figures except that
no conclusion can be drawn from them.
-- Joseph L. Brothers, Linux/PowerPC Project)
More information about the Logcheck-users
mailing list