[Logcheck-users] filtering out iptables messages
Frédéric Brière
fbriere at fbriere.net
Thu Aug 13 18:51:27 UTC 2009
Milan Andric <mandric at gmail.com> wrote:
> Aug 7 10:35:17 slice kernel: iptables denied: IN=eth0 OUT=
I'm guessing these are being raised as security events, due to the
presence of "denied".
> hourly email. Adding the regex to
> /etc/logcheck/ignore.d.server/kernel does not work. Yet when I use
You'll have to add that rule to violations.ignore.d/local-kernel for it
to take effect. (You might want to leave a copy in ignore.d.server,
since logcheck-database 1.3.x will no longer treat these as security
events.)
P.S.: Am I right in assuming that the only reason these show up in your
logs is because you're using the "-j LOG" option?
--
The only "intuitive" interface is the nipple. After that, it's all learned.
-- Bruce Ediger, bediger at teal.csn.org, on X interfaces
More information about the Logcheck-users
mailing list