Hanspeter Kunz
2008-Jul-04 16:48 UTC
[Logcheck-devel] violations.d/logcheck is empty. bug or feature?
Hi logcheckers,

since 1.2.64 logcheck got really quiet :) so quiet that I suspected it was not running at all. I investigated a bit and found that /etc/logcheck/violations.d/logcheck is empty since this commit:

http://git.debian.org/?p=logcheck/logcheck.git;a=commitdiff;h=2394562ab4a13c4510c671f01ffc8f35e97f1cd3

was this really intended? As far as I can see, this file contained the only "general" rules to trigger security events (besides those in cracking.d/logcheck). Or am I wrong?

cheers,
Hp.
martin f krafft
2008-Jul-05 10:28 UTC
[Logcheck-devel] violations.d/logcheck is empty. bug or feature?
also sprach Hanspeter Kunz <hkunz at ifi.uzh.ch> [2008.07.04.1848 +0200]:
> I investigated a bit and found that /etc/logcheck/violations.d/logcheck
> is empty since this commit:
>
> http://git.debian.org/?p=logcheck/logcheck.git;a=commitdiff;h=2394562ab4a13c4510c671f01ffc8f35e97f1cd3
>
> was this really intended?

Yes. None of us see any benefit in the violations layer and it makes it harder to maintain proper rulesets.

-- 
 .''`.   martin f. krafft <madduck at debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

"heuristic is computer science jargon for 'doesn't actually work.'"
 -- charlie reiman
Hanspeter Kunz
2008-Jul-07 08:03 UTC
[Logcheck-devel] violations.d/logcheck is empty. bug or feature?
On Sat, 2008-07-05 at 12:28 +0200, martin f krafft wrote:
> also sprach Hanspeter Kunz <hkunz at ifi.uzh.ch> [2008.07.04.1848 +0200]:
> > I investigated a bit and found that /etc/logcheck/violations.d/logcheck
> > is empty since this commit:
> >
> > http://git.debian.org/?p=logcheck/logcheck.git;a=commitdiff;h=2394562ab4a13c4510c671f01ffc8f35e97f1cd3
> >
> > was this really intended?
>
> Yes. None of us see any benefit in the violations layer and it makes
> it harder to maintain proper rulesets.

Ok. I agree on this (to avoid the violations layer). Nevertheless, it seems to me that all the log entries that were triggered as violations are now not triggered at all. I can see that this also facilitates the maintenance of rulesets, but I guess this is not the primary goal of logcheck :)

If I wanted to re-add some of the keywords, what would be the proper way?

cheers,
Hp

-- 
Hanspeter Kunz                          University of Zurich
Systems Administrator                   Department of Information Technology
Email: hkunz at ifi.uzh.ch              Binzmühlestrasse 14
Tel: +41.(0)44.63-56714                 Office 2.E.07
http://www.ifi.uzh.ch                   CH-8050 Zurich, Switzerland

Spamtraps: hkunz.bogus at ailab.ch hkunz.bogus at ifi.uzh.ch
---
A fool and your money are soon partners.