[Logcheck-commits] martin f. krafft: update docs to reflect removal of violations.d/logcheck

Martin F. Krafft madduck at alioth.debian.org
Mon Jul 21 10:10:17 UTC 2008


Module: logcheck
Branch: master
Commit: 9ba66b052827fb47fd2cba5b3999a2eb8d138d5d
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=9ba66b052827fb47fd2cba5b3999a2eb8d138d5d

Author: martin f. krafft <madduck at debian.org>
Date:   Fri Jul 18 13:46:54 2008 +0200

update docs to reflect removal of violations.d/logcheck

---

 docs/README.Maintainer        |    9 ++++++---
 docs/README.logcheck-database |    9 +++++++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/docs/README.Maintainer b/docs/README.Maintainer
index 7a458d5..96d4cd4 100644
--- a/docs/README.Maintainer
+++ b/docs/README.Maintainer
@@ -23,9 +23,10 @@ As the higher level ignore.d directories include the lower levels
 (i.e. server = server + paranoid) you should try to split your 
 rulefile between the different ignore.d directories.
 
-If during the normal operation of your package it produces syslog
-messages that are included by /etc/logcheck/violations.d/logcheck
-you can also include the following rulefile 
+If during the normal operation of your package it produces ignorable
+syslog messages that are included by
+/etc/logcheck/violations.d/<packagename> have to also include the
+following rulefile 
 
  - /etc/logcheck/violations.ignore.d/<packagename>
 
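Review bot: the rewritten sentence in the added lines has lost its subject. After the violations.d path it continues "have to also include the following rulefile" with no "you", so it no longer parses. Suggest "..., you also have to include the following rulefile". The change from "can also include" to "have to" also turns an optional rulefile into a required one, so it is worth confirming that this is the intended policy. The last added line still ends in trailing whitespace after "rulefile".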
@@ -53,3 +54,5 @@ would like to maintain your own, please let us know before you upload
 so we can avoid filename confilcts.
 
 -- Debian Logcheck Team <logcheck-devel at lists.alioth.debian.org>
+
+# vim:tw=70
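Review bot: the unchanged context line above the signature still reads "filename confilcts". Since this commit is already editing the file, correct it to "conflicts" in the same change. The added "# vim:tw=70" modeline sits after the team signature and is not mentioned in the commit message. Either note it there or move it to a separate formatting commit.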
diff --git a/docs/README.logcheck-database b/docs/README.logcheck-database
index 95c641d..d221ea8 100644
--- a/docs/README.logcheck-database
+++ b/docs/README.logcheck-database
@@ -111,6 +111,12 @@ thus for instance any log message at all matching "ATTACK"
 a "Security Alert", unless you deliberately tamper with
 "cracking.ignore.d" rules.
 
+** Debian Note: we emptied out ./logcheck and merged all
+./logcheck-<packagename> files into the ignore.d.*/<packagename>
+files. This was done because the standard rules in ./logcheck matched
+too many false positives (see e.g. #449028) and resulted in a lot of
+rule duplication (#254542).
+
 Remember that package-specific "ignore" filters will _not_ override
 non-package-specific "flagging" patterns!  Thus for instance if
 "fooserver" outputs syslog messages like this:
@@ -208,5 +214,8 @@ everything, therefore the following exceptions apply:
 *  Debug messages
 *  Messages produced by software not included in Debian
 *  Temporary messages which are due to a bug in the package
+*  Messages related to daemon startups and shutdowns
 
 Please do not file bugs related to these messages.
+
+# vim:tw=70
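Review bot: the added bullet "Messages related to daemon startups and shutdowns" extends the list of exceptions, which is a policy change unrelated to the stated purpose of the commit (documenting the removal of violations.d/logcheck). Put it in its own commit, or at least mention it in the commit message, so the new exception can be found in the history. The same applies to the "# vim:tw=70" modeline added at the end of the file.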



