[Logcheck-devel] templates cleanup part2

maks attems debian at sternwelten.at
Fri Jun 11 11:20:19 UTC 2004


On Fri, 11 Jun 2004, Gerfried Fuchs wrote:

> * maks attems <debian at sternwelten.at> [2004-06-10 14:10]:
>  I wouldn't drop it because it can make sense. E.g. I will add entries
> for this message locally:
> 
> May 28 10:40:53 tausendmorgenwald dhclient: receive_packet failed on eth0: Network is down
> Jun  9 18:57:51 tausendmorgenwald shutdown[8355]: shutting down for system halt

hmmm, am i confused, the above should never be reported as
"Attack Alerts"?
i'm not speaking about violations.ignore.d rules, but about
cracking.ignore.d!!
did you ever put a rule inside this dir?

 
>  object:
> 
> These directories may contain files prefixed with "logcheck-" (containing
> generic alert/override patterns), named "(packagename)" (containing patterns
> specific to that one package) or prefixed with "local-" (created by the local
> administrator to contain patterns tailored for a particular site).
> Logcheck will then use rules collected from all the files found in the
> appropriate directories.
> 
>  Changes: "prefixed _with_", "named" added. In our last discussion I got
> the opinion that we have also "local" as possible filename? I don't want
> that to get dropped, and am using it.

didn't find that "with" important, 
feel free to add a reference to the file named local! :)
 
> > didn't mention the local file as admins will find local-foo easier
> > for their setup.
> 
>  Do you think so? Why? I think local itself is easier, I don't see the
> need to have multiple local files sitting around....

yes definitely, i may want to have local-foo which i can discard
quickly in the case i'll remove package foo, no need to dig
through a big file.
 
a++ maks
