[Logcheck-users] Problem setting Security Alerts reports only
Debianito
the.universal.os at gmail.com
Wed Jul 4 14:59:38 UTC 2007
Hi everyone!
I'm using Debian Etch, and I've problems setting up only "Security
Alerts/Events" only.
I can't just receive only them, I receive all kind of alerts.
What do I have to set?
This is my config file:
--
# The following variable settings are the initial default values,
# which can be uncommented and modified to alter logcheck's behaviour
# Controls the format of date-/time-stamps in subject lines:
# Alternatively, set the format to suit your locale
#DATE="$(date +'%Y-%m-%d %H:%M')"
#
# Controls the presence of boilerplate at the top of each message:
# Alternatively, set to "0" to disable the introduction.
#
# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
# are present their contents will be read and used as the header and
# footer of any generated mails.
#
#INTRO=1
# Controls the level of filtering:
# Can be Set to "workstation", "server" or "paranoid" for different
# levels of filtering. Defaults to server if not set.
REPORTLEVEL="server"
# Controls the address mail goes to:
# *NOTE* the script does not set a default value for this variable!
# Should be set to an offsite "emailaddress at some.domain.tld"
SENDMAILTO=<me :)>
# Should the hostname in the subject of generated mails be fully qualified?
FQDN=1
# Controls whether "sort -u" is used on log entries (which will
# eliminate duplicates but destroy the original ordering); the
# default is to use "sort -k 1,3 -s":
# Alternatively, set to "1" to enable unique sorting
#SORTUNIQ=0
# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
# exceptions to the rules in /etc/logcheck/cracking.d:
# Alternatively, set to "1" to enable cracking.ignore support
#SUPPORT_CRACKING_IGNORE=1
# Controls the base directory for rules file location
# This must be an absolute path
#RULEDIR="/etc/logcheck"
# Controls if syslog-summary is run over each section.
# Alternatively, set to "1" to enable extra summary.
#SYSLOGSUMMARY=0
# Controls Subject: lines on logcheck reports:
#ATTACKSUBJECT="Security Alerts"
#SECURITYSUBJECT="Security Events"
#EVENTSSUBJECT="System Events"
# Controls [logcheck] prefix on Subject: lines
#ADDTAG="yes"
--
Thanks in advance,
Debianito
More information about the Logcheck-users
mailing list