Debianito
2007-Jul-04 14:59 UTC
[Logcheck-users] Problem setting Security Alerts reports only
Hi everyone! I'm using Debian Etch, and I've problems setting up only "Security Alerts/Events" only. I can't just receive only them, I receive all kind of alerts. What do I have to set? This is my config file: -- # The following variable settings are the initial default values, # which can be uncommented and modified to alter logcheck's behaviour # Controls the format of date-/time-stamps in subject lines: # Alternatively, set the format to suit your locale #DATE="$(date +'%Y-%m-%d %H:%M')" # # Controls the presence of boilerplate at the top of each message: # Alternatively, set to "0" to disable the introduction. # # If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt # are present their contents will be read and used as the header and # footer of any generated mails. # #INTRO=1 # Controls the level of filtering: # Can be Set to "workstation", "server" or "paranoid" for different # levels of filtering. Defaults to server if not set. REPORTLEVEL="server" # Controls the address mail goes to: # *NOTE* the script does not set a default value for this variable! # Should be set to an offsite "emailaddress at some.domain.tld" SENDMAILTO=<me :)> # Should the hostname in the subject of generated mails be fully qualified? FQDN=1 # Controls whether "sort -u" is used on log entries (which will # eliminate duplicates but destroy the original ordering); the # default is to use "sort -k 1,3 -s": # Alternatively, set to "1" to enable unique sorting #SORTUNIQ=0 # Controls whether /etc/logcheck/cracking.ignore.d is scanned for # exceptions to the rules in /etc/logcheck/cracking.d: # Alternatively, set to "1" to enable cracking.ignore support #SUPPORT_CRACKING_IGNORE=1 # Controls the base directory for rules file location # This must be an absolute path #RULEDIR="/etc/logcheck" # Controls if syslog-summary is run over each section. # Alternatively, set to "1" to enable extra summary. #SYSLOGSUMMARY=0 # Controls Subject: lines on logcheck reports: #ATTACKSUBJECT="Security Alerts" #SECURITYSUBJECT="Security Events" #EVENTSSUBJECT="System Events" # Controls [logcheck] prefix on Subject: lines #ADDTAG="yes" -- Thanks in advance, Debianito