Re: System log monitor
Steve wrote:
> With packages having their own violations/ignore files you can add a
> separate header to each one. So a logcheck pass would look like ..
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> <result of running through violations/violations.ignore>
>
> (package foo) Violations
> =-=-=-=-=-=-=-=-=-=-=
> <result of running through foo.violations/ignore>
>
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> <The rest>
Looks nice. I think I will do this.
> Admittedly, separate violations files may be more of a modification to
> logcheck than debian policy allows, in which case I've been prattling
> inanely :) Then using update-logcheck to generate violations/ignore
> files that don't require altering logcheck is definitely the neatest
> solution.
Hmm, am I mistaken in my belief that the policy states *how* a piece of software
should be packaged (given that it has the correct license), but not *what* a
piece of software should do (given that it doesn't do anything malicious) ? I
had to patch the logchchck.sh script anyway to fix the other bug reports, so I
can't see how policy should prevent the change you proposed above.
best greets,
Rene
Reply to: