[Logcheck-devel] Rules
Michael Bakker
michael at securityfocus.de
Tue Jun 8 22:09:12 UTC 2004
Hi,
why does /etc/logcheck/ignore.d.server/oidentd contain rules only for
connections from localhost? In general ident lookups are made by
irc-servers (usually !=localhost). I've changed these 2 rules to:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: \[.*\] Successful lookup
I'm using qmail (vpopmail), for which I created a rules file in the
ignore.d.server directory:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ vpopmail\[[0-9]+\]: vchkpw: login success|^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [a-z]+\[[0-9]+\]
Feel free to apply any of my changes.
--
Greetings,
Michael Bakker
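
Added example, not part of the original post: a quick way to see how many log lines each of the rules above would suppress, and what would still be reported once they are installed. It assumes a grep whose -E mode accepts \w (as GNU grep does); the sample log lines are constructed, and the variable and function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample syslog lines (hosts, PIDs and addresses are made up).
SAMPLE_LOG='Jun  8 22:09:12 host1 oidentd[1234]: Connection from irc.example.net (192.0.2.10):41000
Jun  8 22:09:12 host1 oidentd[1234]: [irc.example.net] Successful lookup: 41000 , 6667 : alice
Jun  8 22:10:01 host1 vpopmail[2345]: vchkpw: login success user@example.org:192.0.2.20
Jun  8 22:11:30 host1 sshd[3456]: Failed password for root from 192.0.2.30 port 51000 ssh2'

# Rules copied from the post above.
RULE_CONN='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from'
RULE_LOOKUP='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: \[.*\] Successful lookup'
RULE_VPOPMAIL='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ vpopmail\[[0-9]+\]: vchkpw: login success|^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [a-z]+\[[0-9]+\]'
# Only the part of the vpopmail rule before the "|" (derived here for comparison).
RULE_VPOPMAIL_FIRST=${RULE_VPOPMAIL%%|*}

# Number of sample lines a rule (or newline-separated rule list) would ignore.
count_ignored() {
    printf '%s\n' "$SAMPLE_LOG" | grep -Ec -- "$1" || true
}

# Lines that match none of the given rules, i.e. what would still be reported.
still_reported() {
    printf '%s\n' "$SAMPLE_LOG" | grep -Ev -- "$1" || true
}

# A literal newline, used to join several rules into one pattern list.
NL='
'
for name in RULE_CONN RULE_LOOKUP RULE_VPOPMAIL_FIRST RULE_VPOPMAIL; do
    eval "rule=\$$name"
    printf '%-20s ignores %s of 4 lines\n' "$name" "$(count_ignored "$rule")"
done

echo "Still reported with the oidentd rules plus the first vpopmail alternative:"
still_reported "$RULE_CONN$NL$RULE_LOOKUP$NL$RULE_VPOPMAIL_FIRST"
echo "Still reported with the full vpopmail rule added as well:"
still_reported "$RULE_CONN$NL$RULE_LOOKUP$NL$RULE_VPOPMAIL"
```

On these sample lines the second alternative of the vpopmail rule also matches the sshd line, because it only requires a lowercase program name followed by a PID.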