I have installed Charlie Brady's logcheck-1.1.1-1.i386.rpm from http://www.e-smith.org/contrib/rpm-index/RPM-logcheck-1.1.1-1.i386.html and it works very well, but I wonder if anyone else has experienced this same "problem":

In the mails generated to the administrator, I get perfectly normal events listed such as

<SNIP>
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 7 09:08:51 mail xinetd[1409]: START: smtp pid=2665 from=
Sep 7 09:11:40 mail xinetd[1409]: START: smtp pid=2686 from=
Sep 7 09:14:56 mail xinetd[1409]: START: smtp pid=2713 from=
Sep 7 09:15:56 mail xinetd[1409]: START: smtp pid=2720 from=
Sep 7 09:16:16 mail xinetd[1409]: START: smtp pid=2727 from=
Sep 7 09:20:32 mail xinetd[1409]: START: smtp pid=2736 from=
Sep 7 09:21:20 mail xinetd[1409]: START: smtp pid=2743 from=
Sep 7 09:23:19 mail xinetd[1409]: START: smtp pid=2750 from=
Sep 7 09:32:39 mail xinetd[1409]: START: smtp pid=2759 from=
<SNIP>

(all IP numbers in the "from" field are normal private numbers from our LAN)

Furthermore, I get long listings such as:

Sep 7 09:08:51 mail smtpd[2665]: mail from <[EMAIL PROTECTED]>
Sep 7 09:08:51 mail smtpd[2665]: smtp connection from [EMAIL PROTECTED](192.6.1.151) MAIL FROM: <[EMAIL PROTECTED]> RCPT TO: <[EMAIL PROTECTED]>, allowed by line 23 of /etc/smtpd_check_rules
Sep 7 09:08:51 mail smtpd[2665]: Recipient <[EMAIL PROTECTED]>
Sep 7 09:08:51 mail smtpd[2665]: smtp connection from [EMAIL PROTECTED](192.6.1.151) MAIL FROM: <[EMAIL PROTECTED]> RCPT TO: <[EMAIL PROTECTED]>, allowed by line 23 of /etc/smtpd_check_rules

(Where "[EMAIL PROTECTED]" are normal user addresses belonging to our LAN.....)

As far as I understand, the rules are set in:

/etc/logcheck/logcheck.hacking
/etc/logcheck/logcheck.ignore
/etc/logcheck/logcheck.violations
/etc/logcheck/logcheck.violations.ignore

In the file /etc/logcheck/logcheck.ignore there are lines such as

sendmail.*User Unknown
sendmail.*User Unknown
sendmail.*alias database.*rebuilt
sendmail.*aliases.*longest
sendmail.*from=
sendmail.*lost input channel
sendmail.*message-id=
sendmail.*putoutmsg
sendmail.*return to sender
sendmail.*return to sender
sendmail.*stat=
sendmail.*timeout waiting

..but obviously nothing that ignores things like "mail from..." or "smtp connection from..."

I really would like to force logcheck to ignore those, but how should I proceed and with what syntax? Shouldn't all those lines beginning with "sendmail" be replaced with something more suitable for E-Smith?

Anyone who knows?

--
Lars Johansson - mailto:[EMAIL PROTECTED]
While running Windows, I reserve the right to randomly reboot my computer.
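
Added example, not part of the original post and not logcheck's or e-smith's own code: a shell check of candidate logcheck.ignore entries for the xinetd and smtpd lines quoted above, run against a sample log before the entries are installed. It assumes logcheck applies the ignore file as case-sensitive extended regular expressions via egrep -v -f; the function names, the sample log lines, the addresses and the "denied" wording are constructed for illustration.

```shell
#!/bin/sh
# Assumption: logcheck drops every log line that matches the ignore file with
# `egrep -v -f`, so each entry is one case-sensitive extended regex per line.

# Candidate entries (constructed). Anchoring on daemon name, PID and the
# "allowed by" verdict keeps other services and non-allowed mail in the report.
write_patterns() {
cat > "$1" <<'EOF'
xinetd\[[0-9]+\]: START: smtp pid=[0-9]+ from=
smtpd\[[0-9]+\]: mail from <
smtpd\[[0-9]+\]: Recipient <
smtpd\[[0-9]+\]: smtp connection from .*, allowed by line [0-9]+ of /etc/smtpd_check_rules
EOF
}

# Constructed sample log: four routine lines, two that must stay visible.
write_sample_log() {
cat > "$1" <<'EOF'
Sep  7 09:08:51 mail xinetd[1409]: START: smtp pid=2665 from=192.0.2.10
Sep  7 09:08:51 mail smtpd[2665]: mail from <user@example.com>
Sep  7 09:08:51 mail smtpd[2665]: smtp connection from u@host(192.0.2.10) MAIL FROM: <user@example.com> RCPT TO: <other@example.com>, allowed by line 23 of /etc/smtpd_check_rules
Sep  7 09:08:51 mail smtpd[2665]: Recipient <other@example.com>
Sep  7 09:09:02 mail smtpd[2670]: smtp connection from u@host(203.0.113.5) MAIL FROM: <x@example.net> RCPT TO: <y@example.org>, denied by line 30 of /etc/smtpd_check_rules
Sep  7 09:09:10 mail xinetd[1409]: START: telnet pid=2671 from=203.0.113.5
EOF
}

# $1 = ignore file, stdin = log; prints the lines that would still be reported.
filter_ignored() {
    grep -E -v -f "$1"
}

# Build both files, print what survives the filter, then clean up.
remaining_lines() {
    pat=$(mktemp) && log=$(mktemp) || return 1
    write_patterns "$pat"
    write_sample_log "$log"
    filter_ignored "$pat" < "$log"
    rm -f "$pat" "$log"
}

remaining_lines
```

A broad entry such as smtpd.* would also hide the non-allowed connection line, which is why each pattern is tied to one routine message.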
