[Logcheck-users] Problem setting Security Alerts reports only

Debianito the.universal.os at gmail.com
Wed Jul 4 14:59:38 UTC 2007 

Hi everyone!

I'm using Debian Etch, and I've problems setting up only "Security
Alerts/Events" only.
I can't just receive only them, I receive all kind of alerts.

What do I have to set?

This is my config file:
--
# The following variable settings are the initial default values,
# which can be uncommented and modified to alter logcheck's behaviour

# Controls the format of date-/time-stamps in subject lines:
# Alternatively, set the format to suit your locale

#DATE="$(date +'%Y-%m-%d %H:%M')"

#
# Controls the presence of boilerplate at the top of each message:
# Alternatively, set to "0" to disable the introduction.
#
# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
# are present their contents will be read and used as the header and
# footer of any generated mails.
#
#INTRO=1

# Controls the level of filtering:
# Can be Set to "workstation", "server" or "paranoid" for different
# levels of filtering. Defaults to server if not set.

REPORTLEVEL="server"

# Controls the address mail goes to:
# *NOTE* the script does not set a default value for this variable!
# Should be set to an offsite "emailaddress at some.domain.tld"

SENDMAILTO=<me :)>

# Should the hostname in the subject of generated mails be fully qualified?
FQDN=1

# Controls whether "sort -u" is used on log entries (which will
# eliminate duplicates but destroy the original ordering); the
# default is to use "sort -k 1,3 -s":
# Alternatively, set to "1" to enable unique sorting

#SORTUNIQ=0

# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
# exceptions to the rules in /etc/logcheck/cracking.d:
# Alternatively, set to "1" to enable cracking.ignore support

#SUPPORT_CRACKING_IGNORE=1

# Controls the base directory for rules file location
# This must be an absolute path

#RULEDIR="/etc/logcheck"

# Controls if syslog-summary is run over each section.
# Alternatively, set to "1" to enable extra summary.

#SYSLOGSUMMARY=0

# Controls Subject: lines on logcheck reports:

#ATTACKSUBJECT="Security Alerts"
#SECURITYSUBJECT="Security Events"
#EVENTSSUBJECT="System Events"

# Controls [logcheck] prefix on Subject: lines

#ADDTAG="yes"
--

Thanks in advance,


Debianito

More information about the Logcheck-users mailing list