Hi,
please add the following rule to the logcheck database:
For package/daemon auditd:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: Audit daemon rotating
log files$
Log line as system event:
May 31 11:41:11 localhost auditd[2594]: Audit daemon rotating log files
Regards
Till
Possibly Parallel Threads
- Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
- Bug#403758: Logcheck rules for Snort
- Bug#570207: logcheck wu-ftpd rules do'nt match
- Bug#590679: [logcheck-database] rules for ntpd
- Bug#369603: logcheck-database: new rule for dhcpd
Wisdom of the Ancients
