On Fri, 7 Sep 2001, Lars Johansson wrote:
> I have installed Charlie Brady's logcheck-1.1.1-1.i386.rpm from
> http://www.e-smith.org/contrib/rpm-index/RPM-logcheck-1.1.1-1.i386.html
> and it works very well, but I wonder if anyone else has experienced this
> same "problem":
Gee, when you mentioned that as my contrib, I was rather confused, because
I couldn't remember anything about a contrib called logcheck. As it is,
I've had nothing to do with that except (apparently) for putting it in my
contrib directory. It appears to just be something I found which looks
like it might be useful. I've never investigated it, and have made no
modifications to it at all.
> /etc/logcheck/logcheck.hacking
> /etc/logcheck/logcheck.ignore
> /etc/logcheck/logcheck.violations
> /etc/logcheck/logcheck.violations.ignore
...
> ..but obviously nothing that ignores things like
>
> "mail from..."
> or
> "smtp connection from..."
>
> I really would like to force logcheck to ignore those, but how should I
> proceed and with what syntax?
The thing to do would be to make a directory
/etc/e-smith/templates-custom/etc/logcheck
and copy each of the config files into that directory. Then tweak those
files, then do:
/sbin/e-smith/expand-template /etc/logcheck/logcheck.xxx
for each file (where xxx becomes each of hacking, ignore, violations,
violations.ignore in turn).
There may well be better log file scanners to use. Swatch, logsurf and
logwatch are others I intend to look at.
--
Charlie Brady [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
--
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
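
The procedure from the reply above, as an added shell example that is not part of the original message and is not logcheck or e-smith code: it stages the custom templates, adds ignore patterns, and previews which log lines would still be reported before the live files are regenerated. It assumes logcheck treats each line of logcheck.ignore as an egrep pattern; the ROOT argument and the daemon names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: logcheck drops every log line that matches an
# extended regex (one per line) in logcheck.ignore, as `grep -E -v -f` does.

NAMES="hacking ignore violations violations.ignore"

# stage_templates ROOT
# Copy the live config files into the templates-custom tree under ROOT.
# ROOT is "" on a real server, or a scratch directory for a dry run.
stage_templates() {
    custom="$1/etc/e-smith/templates-custom/etc/logcheck"
    mkdir -p "$custom" || return 1
    for n in $NAMES; do
        cp -p "$1/etc/logcheck/logcheck.$n" "$custom/" || return 1
    done
}

# add_ignore ROOT PATTERN
# Append PATTERN to the custom ignore file unless that exact line exists.
add_ignore() {
    f="$1/etc/e-smith/templates-custom/etc/logcheck/logcheck.ignore"
    grep -F -x -q -e "$2" "$f" || printf '%s\n' "$2" >> "$f"
}

# preview ROOT LOGFILE
# Print the lines of LOGFILE that would still be reported, so a pattern
# that is too broad shows up before the live config changes.
preview() {
    grep -E -v -f "$1/etc/e-smith/templates-custom/etc/logcheck/logcheck.ignore" "$2"
}

# expand_all: regenerate the live files from the templates (server only).
expand_all() {
    for n in $NAMES; do
        /sbin/e-smith/expand-template "/etc/logcheck/logcheck.$n" || return 1
    done
}

# Usage on the server (daemon names and log path are assumptions):
#   stage_templates ""
#   add_ignore "" 'smtpd\[[0-9]+\]: smtp connection from '
#   add_ignore "" 'smtpfwdd\[[0-9]+\]: mail from '
#   preview "" /path/to/logfile
#   expand_all
```

Tying each pattern to the daemon name keeps an unrelated line that merely contains "mail from" in the report.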