[Logcheck-devel] templates cleanup part2

maks attems debian at sternwelten.at
Thu Jun 10 12:10:37 UTC 2004


hello 

based on Alfie's proposal regarding 
"Template: logcheck-database/rules-directories-note"


 - /etc/logcheck/cracking.ignore.d [for local use only]

this note regarding the cracking.ingore.d is confusing, what is meant is:

 - /etc/logcheck/cracking.ignore.d [no rules from logcheck-database itself]

we might even want to drop that message as in normal mode of operation,
i never found it necessary to add local rules there?

- These directories may contain files named "logcheck" (containing minimal
generic alert/override patterns), "(packagename)" (containing patterns
- specific to that one package) or "local" (created by the local
- administrator to contain patterns tailored for a particular site).
Logcheck will then use rules collected from all the files found in the
appropriate directories.
     
+ These directories may contain files prefixed "logcheck-" (containing 
generic alert/override patterns), "(packagename)" (containing patterns
+ specific to that one package) or prefixed "local-" (created by the local
+ administrator to contain patterns tailored for a particular site).
Logcheck will then use rules collected from all the files found in the
appropriate directories.


removed the "minimal" logcheck-database rule set seems far from minimal.
didn't mention the local file as admins will find local-foo easier
for their setup.
thanks for your comments. as it's your initial proposition Alfie
feel free to commit if no one objects?

a++ maks


  




More information about the Logcheck-devel mailing list