[Logcheck-devel] Logcheck database updates on stable

Enrico Zini enrico at enricozini.org
Thu Mar 17 13:46:43 UTC 2016


Hello,

when I upgraded my server to stable I started getting a dozen
messages a day from logcheck, each as big as something like 200Kb to
300Kb.

I started looking around the internet and I found a lot of ignore rules
written for Debian Stable sitting in the BTS, in the wiki or somewhere
else around the internet:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681934
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705988
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775090
https://wiki.debian.org/systemd/logcheck
https://gist.github.com/towo/9600375

After adding those ignore rules, the mails I received started to be at
least readable and I noticed ONE actual problem, which I fixed right
away. I would never have noticed it without those extra ignore rules.

Even after installing those ignore rules, I still get about ten messages
a day, mostly with just one false positive line in them. It feels like
playing whack-a-mole.

All of this is turning logcheck from something that gives early warnings
about problems in a system, into a daily nuisance that adds noise to my
inbox.

I do not dare to just write and deploy my own rules, because I would
like to use ignore rules that have at least been peer reviewed.

Would it be possible to have updates of logcheck rules for stable,
either via backports or proposed-updates, so that it can be useful by
default on stable systems?

I'm attaching a tarball with the rules I have collected so far,
commented with source information.


Thank you,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico at enricozini.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: local.tar.xz
Type: application/x-xz
Size: 3612 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20160317/ab56218f/attachment.bin>