Re: impostazioni logcheck

To: Domenico Pasella <dpasella@gmail.com>
Cc: debian-italian@lists.debian.org
Subject: Re: impostazioni logcheck
From: Marco Gaiarin <gaio@linux.it>
Date: Thu, 13 Oct 2005 14:22:13 +0200
Message-id: <[🔎] l40223-nf6.ln1@sara.bbs.lilliput.linux.it>
In-reply-to: <[🔎] 200510121225.25113.dpasella@gmail.com>; from SmartGate on Thu, Oct 13, 2005 at 20:57:26PM +0200
References: <[🔎] 200510121225.25113.dpasella@gmail.com>

Mandi! Domenico Pasella
  In chel dí si favelave...

DP> Queste regole visto che sono in ignore dovrebbero far si che quelle 
DP> informazioni non vengano riportate nella mail? Sbaglio qualcosa?

...a che livello hai impostato logcheck? Hai letto
/usr/share/doc/logcheck/README.logcheck, in particolare:

REPORTLEVEL
-----------
The config-file setting new users are most likely to need to modify
is that of REPORTLEVEL.  This is a three-way division between high,
medium and low "security ratings", not to be confused with the three
filtering layers used by the logcheck-database directories.
Reportlevels only affect the handling of the leftover log-messages
of the final "System Events" layer, functioning rather like
verbosity settings:

"paranoid" is "high verbosity" - meaning that only the minimal set
        of filters in ignore.d.paranoid should be applied.  This is
        appropriate for high-security machines such as firewalls,
        which should anyway be running as few services as possible.

"server" means that logcheck should then also go on to apply the
        more selective set of filters in ignore.d.server; as the
        name implies, this is intended to cut out the routine
        messages such as "so-and-so logged in".

"workstation" means that as well as applying the ignore.d.paranoid
        and ignore.d.server filters, logcheck should run through
        ignore.d.workstation.  This filters a great many everyday
        log messages (such as anything matching "kernel:"), and is
        only appropriate for relatively sheltered, non-critical
        machines.

Don't set the REPORTLEVEL to "paranoid" if the result is more output
than you can handle - messages that aren't going to be read might as
well have stayed in "/var/log/*".  However, as long as you're
prepared to tune logcheck's output with local filters, a verbose
REPORTLEVEL can be a valuable debugging aid even on an unnetworked
home PC; see the logcheck-database README section on WRITING RULES.
######################################################################


-- 
  Fino a quando il colore della pelle sarà più importante del colore
  degli occhi, sarà sempre guerra.			(Bob Marley)

Reply to:

Follow-Ups:
- Re: impostazioni logcheck
  - From: Domenico Pasella <dpasella@gmail.com>

References:
- impostazioni logcheck
  - From: Domenico Pasella <dpasella@gmail.com>

Prev by Date: Re: flash su firefox
Next by Date: Re: password di root di MySQL
Previous by thread: impostazioni logcheck
Next by thread: Re: impostazioni logcheck
Index(es):
- Date
- Thread