Hi All,

I'm interested in setting up a central log collector and analyser system. I have written a CGI that displays log messages through an https connection, and I have added a selection menu to choose an ignorance level: none < paranoid < server < workstation. I use Your *.d *.ignore.d ignore.d.{server,workstation,paranoid} files to deal with a log line.

The CGI works fine on my PC but behaves differently on the production system. Reason: I realized that the database files are different on the two machines: on my PC there are lots of packages installed that have their own /etc/logcheck/... regexp files. For example: apmd, clamav-daemon, fetchmail, gnome-bin, ntpdate, nullmailer, syslog-ng, etc. in addition to logcheck-database. (I use Debian Linux.) On the production system there's only logcheck-database and syslog-ng installed. Patterns for a lot of services are missing.

How does it work? Will these additional regexp files be migrated into the logcheck-database package in the future? Or do I have to grab all the disorganized files from other packages? I don't want to install unnecessary packages at all. Could You please help me find the solution?

mm.
Hello!

On Sat, Dec 18, 2004 at 05:38:52PM +0100, Mici Maci wrote:
> How does it work? Will these additional regexp files
> migrated into the logcheck-database package in the
> future? Or do I have to grab all the disorganized files
> from other packages? I don't want to install unnecessary
> packages at all. Could You please help me find the
> solution?

This is an interesting problem, and one that I had not considered. The cool part about having our rules in other packages is that it allows people that [should] know the packages better than we do to maintain the rules, while also saving cycles on machines by not having unnecessary rules.

The best method I can come up with to get *all* rules is to write a script that parses the contents search[1] results and extracts the rules from each package.

Cheers,
-Todd

-- 
[ Todd J. Troxell                                         ,''`.
      Student, Debian GNU/Linux Developer, SysAdmin, Geek : :' :
            http://debian.org || http://rapidpacket.com/~xtat `. `'
                                                               `-     ]
[1] http://www.debian.org/distrib/packages
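
Added example, not part of the thread and not logcheck project code: one way to do the extraction Todd describes, assuming the input is a Debian `Contents-<arch>` index (the data behind the contents search) rather than the HTML search results. The sample lines, rule file names and function names are constructed for illustration.

```python
from collections import defaultdict

RULE_PREFIX = "etc/logcheck/"

# Constructed sample in Contents-<arch> index format:
#   <path><whitespace><section>/<package>[,<section>/<package>...]
SAMPLE_CONTENTS = """\
bin/ls                                            utils/coreutils
etc/logcheck/ignore.d.server/apmd                 admin/apmd
etc/logcheck/ignore.d.workstation/apmd            admin/apmd
etc/logcheck/ignore.d.server/fetchmail            mail/fetchmail
etc/logcheck/ignore.d.paranoid/logcheck           admin/logcheck-database
etc/logcheck/violations.ignore.d/logcheck-ssh     admin/logcheck-database
etc/logcheck/ignore.d.server/syslog-ng            admin/syslog-ng
usr/share/doc/logcheck-database/README            admin/logcheck-database
"""


def rules_by_package(lines):
    """Map package name -> sorted list of files it ships under etc/logcheck/."""
    found = defaultdict(set)
    for line in lines:
        line = line.rstrip("\n")
        if not line.startswith(RULE_PREFIX):
            continue  # also skips any free-text header in older indexes
        # Paths may contain spaces, so the owner list is the last field.
        parts = line.rsplit(None, 1)
        if len(parts) != 2:
            continue
        path, owners = parts
        for owner in owners.split(","):
            # "admin/apmd" -> "apmd"; a bare "apmd" is returned unchanged.
            found[owner.rsplit("/", 1)[-1]].add(path)
    return {pkg: sorted(paths) for pkg, paths in found.items()}


def rules_missing_on_host(rule_map, installed):
    """Rule files owned by packages that are not installed on this host."""
    return {pkg: p for pkg, p in rule_map.items() if pkg not in installed}


if __name__ == "__main__":
    rule_map = rules_by_package(SAMPLE_CONTENTS.splitlines())
    # The production host from the thread has only these two packages.
    missing = rules_missing_on_host(rule_map, {"logcheck-database", "syslog-ng"})
    for pkg, paths in sorted(missing.items()):
        print(pkg, *paths, sep="\n  ")
```

Every ignore rule copied onto the collector hides matching log lines, so the extracted files are worth reviewing before they are deployed.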