Paul Traina:
> I agree, I'm no logcheck expert, but if it behaves according to the
> manpage, it doesn't take into account the way logcheck handles violations
> and their corresponding ignores anymore.
>
> As I think I understand it (feel free to correct me), if a package wants
> to register security violation regexps, those should go in:
>
>   /etc/logcheck/violations.d/<packagename>
>
> and ignore strings for THOSE, and only THOSE, regexps should go in:
>
>   /etc/logcheck/violations.ignore.d/<packagename>
>
> The problem here is that logcheck-database includes a bunch of generic
> regexps as well, in the file
>
>   /etc/logcheck/violations.d/logcheck
>
> which many packages trigger as false violations. Those packages, if
> well behaved, are responsible for installing a file:
>
>   /etc/logcheck/violations.ignore.d/logcheck-<packagename>

I can't find anything in the logcheck docs about installing a
logcheck-<packagename> file to override the generic violation regexps.
README.Maintainer says:
    If during the normal operation of your package it produces syslog
    messages that are included by /etc/logcheck/violations.d/logcheck
    you can also include the following rulefile
    - /etc/logcheck/violations.ignore.d/<packagename>
    so that they will be ignored.
In fact, all the violations.ignore.d/logcheck-<packagename> files in all
of Debian seem to be included in the logcheck-database package itself.
So this bug report seems wrong or now outdated, and I'm closing it. Please
let me know if I missed something.
--
see shy jo
_______________________________________________
Logcheck-devel mailing list
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

