also sprach maximilian attems <[EMAIL PROTECTED]> [2006.07.05.2319 +0200]:
> server restarts,

I think we can filter out some messages here, but the fact that configuration was reloaded or a server was stopped/started/restarted *must* be mailed. But it should be 1-2 lines so that no other log lines are swallowed by e.g. the amavisd-new restart flood.

> unsuccessful login attempts,

for existing users, those should be mailed. For non-existing users, who cares? Really, everyone gets scanned all the time, and if a user does not exist, nothing can happen. Knowing about a scan won't do much to you, especially if you just got a 50K logcheck mail. If you do want to complain to the netblock admin, go paranoid, or install portsentry or some tool that is made to detect scans.

> anomalies??

Yes.

> empty mails might give the users a sense of security although the
> host has been breached. anyway logcheck is not a realtime monitor.
> happy to hear your thought so that we can better focus on what
> logcheck should do.

anomalies pretty much sums it up. Scans are not anomalies anymore.

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system

if voting could really change things, it would be illegal.
                                         -- revolution books, new york
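The reporting policy argued in the message above, as an added sketch that is not part of the original mail and not logcheck's own rule set: drop failed logins for non-existing accounts, keep those for existing accounts, collapse a restart flood to one line, and pass everything else through. The sshd lines use OpenSSH's message wording; the host, addresses and all amavis lines are constructed placeholders, not real amavisd-new output.

```shell
#!/bin/sh
# Constructed sample log (not taken from the original message).
sample_log() {
cat <<'EOF'
Jul  5 23:01:02 host sshd[811]: Invalid user oracle from 203.0.113.5
Jul  5 23:01:04 host sshd[811]: Failed password for invalid user oracle from 203.0.113.5 port 4242 ssh2
Jul  5 23:02:10 host sshd[815]: Failed password for alice from 203.0.113.5 port 4250 ssh2
Jul  5 23:05:00 host amavis[900]: starting. (constructed startup line)
Jul  5 23:05:00 host amavis[900]: Module loaded (constructed startup line)
Jul  5 23:05:01 host amavis[900]: Module loaded (constructed startup line)
Jul  5 23:06:11 host amavis[900]: TROUBLE in check (constructed error line)
Jul  5 23:09:30 host kernel: unexpected event (constructed anomaly)
EOF
}

# Reads syslog lines on stdin, writes the lines worth mailing on stdout.
filter_report() {
  awk '
    # Scan noise: the account does not exist, so nothing can happen.
    /sshd\[[0-9]+\]: Invalid user /                     { next }
    /sshd\[[0-9]+\]: Failed password for invalid user / { next }

    # Restart flood: report each daemon start once, keyed on its PID.
    # Only the (hypothetical) startup patterns are collapsed, so later
    # error lines from the same process are not swallowed.
    /amavis\[[0-9]+\]: (starting|Module loaded)/ {
      match($0, /amavis\[[0-9]+\]/)
      key = substr($0, RSTART, RLENGTH)
      if (!(key in seen)) {
        seen[key] = 1
        print $1, $2, $3, $4, key ": (re)started, startup lines collapsed"
      }
      next
    }

    # Everything else, including failed logins for existing users,
    # is treated as a potential anomaly and passed through.
    { print }
  '
}

sample_log | filter_report
```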

