[Logcheck-users] ignore-rules being ignored?
Mark Edwards
mark at antsclimbtree.com
Wed Sep 20 19:45:41 UTC 2006
> On Wed, Sep 20, 2006 at 05:14:18PM +0200, Kilian wrote:
>
>> I am using logcheck 1.2.39 on Debian and am experiencing that the
>> following in /etc/logcheck/ignore.d.server/ssh is being ignored:
>
> ...
>
>> When I test the rule with egrep on /var/log/auth, the lines show up, so
>> the line should be correct. However, all SSH logins are reported as
>> Security Events nevertheless... What could this be? I'd be thankful for
>> any hint!
>
> Security events need to be ignored in /etc/logcheck/violations.ignore.d.
Doh! Should have finished reading my email before replying. Sorry for
the noise.
--
Mark Edwards
More information about the Logcheck-users
mailing list