tags 296110 pending
thanks

On Sun, 2005-02-20 at 21:08 +0100, Ingo Theiss wrote:
> the rule you mentioned is in ignore.d.server/pure-ftpd (see next
> line):

Okay, so that's ruled out.

> yes, those messages are showing up as 'Security Events'. permissions are ok
> as far as i can say:

Something in those messages is listed in violations.d/logcheck..

> i will give you the original line from syslog. maybe i stripped
> something important off:
> 
> Feb 18 23:05:58 web1 pure-ftpd: ([EMAIL PROTECTED]) [NOTICE] /docroot/nfs-action.com//htdocs/guradia/plugin/net.php.smarty/libs/plugins/modifier.debug_print_var.php uploaded  (1863 bytes, 9.41KB/sec)

..the 'debug' part of the filename is causing those messages to be
listed as 'Security Events' (since debug is listed in
violations.d/logcheck).

Since the uploading and downloading of files isn't usually a security
risk and filenames can legitimately have 'debug' in them, I've added the
same rule to violations.ignore.d/logcheck-pureftp so they won't show up
in future.

Thanks,

-- 
-jamie <[EMAIL PROTECTED]> | spamtrap: [EMAIL PROTECTED]
 w: http://www.silverdream.org | p: [EMAIL PROTECTED]
 pgp key @ http://silverdream.org/~jps/pub.key
 21:30:02 up 17 min,  2 users,  load average: 2.65, 2.52, 1.58
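
The layering discussed in this message, as an added example that is not part of the original e-mail and is not logcheck's own code: a simplified model showing why a rule in ignore.d.server alone does not keep a line containing 'debug' out of 'Security Events', while the same rule in violations.ignore.d does. The rule text, the sample log lines and the function names are constructed for illustration; the model assumes a line suppressed in violations.ignore.d is still checked against ignore.d.server afterwards.

```shell
#!/bin/sh
# Simplified model of logcheck's rule layers (assumption: the real script reads
# rule files from directories and has further layers such as cracking.d).

# Constructed rules, not the ones shipped in the logcheck package.
VIOLATIONS='debug'
FTPD_RULE='^[[:alpha:]]{3} [ 0-9]{2} [0-9:]{8} [._[:alnum:]-]+ pure-ftpd: \([^)]+\) \[NOTICE\] .+ (uploaded|downloaded) +\([0-9]+ bytes, [0-9.]+KB/sec\)$'

# Constructed log lines modelled on the one quoted in the message.
LINE='Feb 18 23:05:58 web1 pure-ftpd: (user@192.0.2.10) [NOTICE] /srv/ftp/htdocs/modifier.debug_print_var.php uploaded (1863 bytes, 9.41KB/sec)'
PLAIN='Feb 18 23:06:10 web1 pure-ftpd: (user@192.0.2.10) [NOTICE] /srv/ftp/htdocs/index.php uploaded (512 bytes, 4.20KB/sec)'

# matches LINE PATTERN: true when the extended regex matches the line.
matches() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

# classify LINE VIOLATIONS_IGNORE_RULE IGNORE_SERVER_RULE
# Prints "security", "system" or "ignored". An empty rule means "no rule".
classify() {
    line=$1; vio_ignore=$2; srv_ignore=$3
    if matches "$line" "$VIOLATIONS"; then
        # Only violations.ignore.d can keep a violation match out of the
        # Security Events section; ignore.d.server is not consulted here.
        if [ -z "$vio_ignore" ] || ! matches "$line" "$vio_ignore"; then
            echo security
            return
        fi
    fi
    # System Events layer: this is where ignore.d.server applies.
    if [ -n "$srv_ignore" ] && matches "$line" "$srv_ignore"; then
        echo ignored
    else
        echo system
    fi
}

printf 'ignore.d.server only:       %s\n' "$(classify "$LINE" "" "$FTPD_RULE")"
printf 'violations.ignore.d only:   %s\n' "$(classify "$LINE" "$FTPD_RULE" "")"
printf 'rule in both directories:   %s\n' "$(classify "$LINE" "$FTPD_RULE" "$FTPD_RULE")"
printf 'no "debug" in the filename: %s\n' "$(classify "$PLAIN" "" "$FTPD_RULE")"
```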
