maks attems
2004-May-17 08:15 UTC
[Logcheck-devel] Re: [Logcheck-commits] CVS logcheck/rulefiles/linux/violations.ignore.d
hey todd, our user tend to confound our three layers: "attacks", security events and system events. we need to do something bout the dir structure. On Sun, 16 May 2004, CVS User ttroxell wrote:> +++ /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-innd 2004/05/16 07:39:37 1.3 > @@ -4,3 +4,4 @@ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rnews: rejected [0-9]+ Too old -- "[0-9]+ \w{3} [0-9]{4} [0-9:]{8} ([A-Z]+|(\+|-)[0-9]{4})"$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rnews: rejected [0-9]+ No colon-space in "("|x-no-archive:yes)" header$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nnrpd\[[0-9]+\]: [^[:space:]]+ posts received [0-9]+ rejected [0-9]+$ > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rnews: offered <[^[:space:]]+> [._[:alnum:]-]+$anyways please revert this change, there is no keyword in aboves rule that will push it in security events, please take a look at cvs commit from 12. may, i already added aboves rule in ignore.d.server/innd ;) a++ maks -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040517/31d1b9e8/attachment.pgp
Todd Troxell
2004-May-17 20:09 UTC
[Logcheck-devel] Re: [Logcheck-commits] CVS logcheck/rulefiles/linux/violations.ignore.d
Ah ok, will remove, thanks. Yeah, I've thought that the dir names were a bit confusing too. -Todd On Mon, May 17, 2004 at 10:15:27AM +0200, maks attems wrote:> hey todd, > > our user tend to confound our three layers: > "attacks", security events and system events. > we need to do something bout the dir structure. > > On Sun, 16 May 2004, CVS User ttroxell wrote: > > > +++ /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-innd 2004/05/16 07:39:37 1.3 > > @@ -4,3 +4,4 @@ > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rnews: rejected [0-9]+ Too old -- "[0-9]+ \w{3} [0-9]{4} [0-9:]{8} ([A-Z]+|(\+|-)[0-9]{4})"$ > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rnews: rejected [0-9]+ No colon-space in "("|x-no-archive:yes)" header$ > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nnrpd\[[0-9]+\]: [^[:space:]]+ posts received [0-9]+ rejected [0-9]+$ > > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rnews: offered <[^[:space:]]+> [._[:alnum:]-]+$ > > anyways please revert this change, > there is no keyword in aboves rule that will push it in security events, > please take a look at cvs commit from 12. may, > i already added aboves rule in ignore.d.server/innd ;) > > a++ maks >-- [ Todd J. Troxell ,''`. Student, Debian GNU/Linux Developer, SysAdmin, Geek : :' : http://debian.org || http://rapidpacket.com/~xtat `. `' `- ] -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040517/3dbc80af/attachment.pgp