On Sun, Jul 23, 2006 at 07:54:59AM +0100, martin f krafft wrote: > This in today: > > ----- Forwarded message from [EMAIL PROTECTED] ----- > > System Events > =-=-=-=-=-=-= > Jul 23 00:45:09 seamus sshd[22983]: Address 66.132.142.188 maps to > admin.trumedia.com, but this does not map back to the address - POSSIBLE > BREAK-IN ATTEMPT! > > ----- End forwarded message ----- > > There is a violations.ignore.d rule for these files, shouldn't that > automatically also filter them at the ignore.d level? > > I am not sure what the answer is, but I thought the above was the > behaviour. I could not find a bug report about this. > > Since violations.d is a set of escalation filters, it would make > sense for violations.ignore.d to be a set of de-escalation filters, > but I don't think this is what the documentation suggests. > > Please advise.
Yes, yes it should. There was a bug report about this somewhere... Gah! To be clear, the violations.ignore.d should filter things are the ignore.d level. Currently it does not. -- Todd Troxell http://rapidpacket.com/~xtat _______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
