search for: reportlevel

Package: Logcheck Version: 1.2.54 Distro: Debian Etch (stable) Kernel: 2.6.18-5-686 #1 SMP I'm trying to force logcheck (reportlevel=server) to ignore smbd_audit logs. smbd_audit is a vfs module of samba. It writes logs into /var/log/syslog file. Typical log looks like this: Oct 24 08:36:14 server4 smbd_audit: Documents|Johnson|192.168.50.19|unlink ok|Projects/doc1.pdf I've added the simplest rule I guess: ^.*smbd_audit...

...les Nov 6 12:08:36 wheat fetchnews[13617]: wrote active file with 80596 lines Nov 6 12:08:36 wheat fetchnews[13617]: child has process ID 13638 I have a pattern in ignore.d.server/local: fetchnews\[[[:digit:]]+\]: (yes, I know that's sloppy). In terms of obvious checks, logcheck.conf has REPORTLEVEL="workstation" and wheat:/etc/logcheck# ls -l ignore.d.server/local -r--r--r-- 1 root logcheck 5041 Jun 25 2005 ignore.d.server/local When I run syslog through egrep with this pattern, it picks out the line. The fact that I don't have tons of entries with "clamping maxage&quot...

...Apr 3 06:55:25 bsg sshd[32250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root Which as you see seems a correct rule. And yes, my report level is configured to server. This is my config (whithout comments/blank lines): INTRO=0 REPORTLEVEL="server" SENDMAILTO="root" MAILASATTACH=0 FQDN=1 TMP="/tmp" But the line keeps coming. Please... HELP! :) -- www.sargue.net

Package: logcheck-database Version: 1.2.31 Severity: wishlist The following is reported by logcheck when inserting a USB joystick for the first time (workstation), none of which (I assume) I need to be informed of. Nov 21 17:50:08 localhost kernel: ohci_hcd 0000:00:01.2: wakeup Nov 21 17:50:08 localhost kernel: usb 1-1: new low speed USB device using address 2 Nov 21 17:50:10 localhost kernel: