hello, please ask such questions on logcheck-devel, everyone from the team is reading it. thanks. On Fri, 15 Oct 2004, martin f krafft wrote:> for debianbook.madduck.net, i have three questions about logcheck: > > - do you officially advocate to use local-* files for manually > created rule files?yes, personaly i prefer several local-* files contra one big local file. both are used. local file rules won't be overwritten by newly added packages rules.> - are local-* files treated specially in any way?no same as any other rule file.> - previously, the name of the violations.ignore.d rule file had to > be the same as the one in violations.d to be able to override > a rule. is this still the case, or would > > violations.d/foo: "attack.*" > violations.ignore.d/bar: "attack\.org" > > cause an occurrence of attack.org to be ignored?well your touching the still obscure corners of logcheck. i'm wondering if that is documented, will look later: ~/src/logcheck$ egrep raise -r docs/ || echo "nothing" nothing if you want to raise patterns with `violations/foo', you have 4 choices to ignore them: * violations.ignore.d/foo * violations.ignore.d/logcheck-foo * violations.ignore.d/local-* * violations.ignore.d/local so you are correct violations.ignore.d/bar won't be of much good. current infos on how to write rules are documented in /usr/share/doc/logcheck-database/README.logcheck-database.gz hope that helps? -- maks
On Mon, 18 Oct 2004, maks attems wrote:> On Fri, 15 Oct 2004, martin f krafft wrote: > well your touching the still obscure corners of logcheck. > i'm wondering if that is documented, will look later: > ~/src/logcheck$ egrep raise -r docs/ || echo "nothing" > nothing > > if you want to raise patterns with `violations/foo', > you have 4 choices to ignore them: > * violations.ignore.d/foo > * violations.ignore.d/logcheck-foo > * violations.ignore.d/local-* > * violations.ignore.d/local >it's documented in a bit different way and point of view: /usr/share/doc/logcheck/README.Maintainer
also sprach maks attems <debian at sternwelten.at> [2004.10.18.1051 +0200]:> please ask such questions on logcheck-devel, > everyone from the team is reading it.Alfie referred me directly to you... that does not diminish or shift blame, so please excuse. I should have thought first, then hit 'y'.> personaly i prefer several local-* files contra one big local > file. both are used. local file rules won't be overwritten by > newly added packages rules.They won't be anyway because package rules are always conffiles. But I get your point.> current infos on how to write rules are documented in > /usr/share/doc/logcheck-database/README.logcheck-database.gzSomehow, this seems to have evaded me. I guess because it's not in the logcheck package. Stupid me. also sprach maks attems <debian at sternwelten.at> [2004.10.18.1138 +0200]:> it's documented in a bit different way and point of view: > /usr/share/doc/logcheck/README.MaintainerOkay, if I may say, then this could be clearer. Anyway, I spotted a couple of small errors in that file: 23c23 < (i.e. server = server + paranoid) you should try to split your ---> (i.e. server = server + workstation) you should try to split your39c39 < symlinks. If your contains .'s you should replace them with _'s so ---> symlinks. If your filenames contain .'s, you should replace them with _'s so51c51 < see if we have included them first. If we allready have rules and you ---> see if we have included them first. If we already have rules and you53c53 < so we can avoid filename confilcts. ---> so we can avoid filename conflicts.-- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <madduck at debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20041020/8bdb215e/attachment.pgp