[Logcheck-users] Suppressing this CD-ROM message?
Adam Funk
a24061 at ducksburg.com
Tue Aug 18 12:51:41 UTC 2009
On 2009-08-13, Frédéric Brière wrote:
> Adam Funk <a24061 at ducksburg.com> wrote:
>> I have a file named '/etc/logcheck/custom-ignore' that is symlinked
>> into all the other '/etc/logcheck/*ignore*' directories. Most of the
>> time I can suppress an unwanted message by adding it to that "master
>> file", but sometimes it doesn't work and I have to make a special file
>> for it. Why?
>
> Security alert/event filters must have a filename matching the one which
> triggered the message. This is (somewhat cryptically) explained in
> README.logcheck-database.gz.
>
> Word to the wise: use local or local-* for all your local rules. Not
> only will they be applied to all messages, but you will also avoid any
> possible filename conflict.
Thanks for the hints. (I'd prefernot to comment out the line in the
alert file, because I want to avoid possible conflicts with updated
versions.)
More information about the Logcheck-users
mailing list