Hi, please add the following rule to the logcheck database: For package/daemon auditd: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: Audit daemon rotating log files$ Log line as system event: May 31 11:41:11 localhost auditd[2594]: Audit daemon rotating log files Regards Till
Maybe Matching Threads
- Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
- Bug#403758: Logcheck rules for Snort
- Bug#570207: logcheck wu-ftpd rules do'nt match
- Bug#590679: [logcheck-database] rules for ntpd
- Bug#369603: logcheck-database: new rule for dhcpd