Joey Hess
2007-Jan-21 17:59 UTC
[Logcheck-devel] Re: dh_installlogcheck (was: Re: Bug#350301: postgrey: logcheck file named incorrectly)
Paul Traina:> I agree, I'm no logcheck expert, but if it behaves according to the > manpage, it doesn't take into account the way logcheck handles violations > and their corresponding ignores anymore. > > As I think I understand it (feel free to correct me), if a package wants > to register security violation regexps, those should go in: > > /etc/logcheck/violations.d/<packagename> > > and ignore strings for THOSE, and only THOSE, regexps should go in: > > /etc/logcheck/violations.ignore.d/<packagename> > > The problem here is that logcheck-database includes a bunch of generic > regexps as well, in the file > > /etc/logcheck/violations.d/logcheck > > which many packages trigger as false violations. Those packages, if > well behaved, are responsible for installing a file: > > /etc/logcheck/violations.ignore.d/logcheck-<packagename>I can't find anything in the logcheck docs about installing a logcheck-<packagename> file to override the generic violation regexps. README.Maintainer says: If during the normal operation of your package it produces syslog messages that are included by /etc/logcheck/violations.d/logcheck you can also include the following rulefile - /etc/logcheck/violations.ignore.d/<packagename> so that they will be ignored. In fact, all the violations.ignore.d/logcheck-<packagename> files in all of Debian seem to be included in the logcheck-database package itself. So this bug report seems wrong or now outdated, and I'm closing it. Please let me know if I missed something. -- see shy jo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20070121/e609dcbf/attachment.pgp