System log monitor
Thanks to everyone that replied.  I've installed logcheck and it works
well after a couple of iterations of weeding out the false alarms.  I
suppose it would be nice if packages could supply their own violations
and ignore files to make this easier.  For example, postfix would
supply a violations file containing
    postfix/(pickup|cleanup|qmgr|smtpd)\[[0-9]+\]: .*(fatal|warn|error)
and an ignore file like
    postfix/pickup\[[0-9]+\]: [A-Z0-9]+: uid=[0-9]+ from=
    postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=
    postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: from=.*, size=[0-9]+
    etc ...
And logcheck does a run-parts style include of all the files plus the
defaults.  Does this seem like a plausible system, and does it fit
with the Debian policy?  Sorry if this is just idle speculation, I'm a
bit of a newbie to the Debian way of doing things.
That said, I'd be prepared to take on implementing this if it seems
like a good idea.
Regards,
Steve
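
The per-package layout proposed in this message, sketched as an added example; it is not part of the original post and not logcheck's own code. The directory names `violations.d` and `ignore.d`, the function names and the sample log lines are assumptions, Python's `re` stands in for egrep, and the violations pattern includes the `[pid]` field that postfix writes.

```python
import re
import tempfile
from pathlib import Path

# run-parts skips names outside this set, e.g. "postfix.dpkg-old" or "postfix~".
RUN_PARTS_NAME = re.compile(r"^[A-Za-z0-9_-]+$")

def load_rules(directory):
    """Compile the patterns from every eligible file in a rules directory."""
    rules = []
    for path in sorted(Path(directory).iterdir()):
        if path.is_file() and RUN_PARTS_NAME.match(path.name):
            for line in path.read_text().splitlines():
                if line.strip() and not line.startswith("#"):
                    rules.append(re.compile(line.strip()))
    return rules

def check(log_lines, violations_dir, ignore_dir):
    """Return (violations, unusual); an ignore rule never hides a violation."""
    violations, ignores = load_rules(violations_dir), load_rules(ignore_dir)
    flagged, unusual = [], []
    for line in log_lines:
        if any(r.search(line) for r in violations):
            flagged.append(line)
        elif not any(r.search(line) for r in ignores):
            unusual.append(line)
    return flagged, unusual

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = [
    "Mar  3 10:00:01 mail postfix/pickup[2101]: 3F2A1B7C: uid=1000 from=<steve>",
    "Mar  3 10:00:01 mail postfix/cleanup[2102]: 3F2A1B7C: message-id=<1@mail.example>",
    "Mar  3 10:00:02 mail postfix/qmgr[1999]: 3F2A1B7C: from=<s@mail.example>, size=512",
    "Mar  3 10:00:05 mail postfix/smtpd[2110]: warning: 192.0.2.7: address not listed",
    "Mar  3 10:00:09 mail su[2120]: FAILED su for root by steve",
]

def demo():
    # Hypothetical layout: one file per package under violations.d and ignore.d.
    with tempfile.TemporaryDirectory() as root:
        vdir, idir = Path(root, "violations.d"), Path(root, "ignore.d")
        for d in (vdir, idir):
            d.mkdir()
        (vdir / "postfix").write_text(
            r"postfix/(pickup|cleanup|qmgr|smtpd)\[[0-9]+\]: .*(fatal|warn|error)" "\n")
        (idir / "postfix").write_text(
            r"postfix/pickup\[[0-9]+\]: [A-Z0-9]+: uid=[0-9]+ from=" "\n"
            r"postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=" "\n"
            r"postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: from=.*, size=[0-9]+" "\n")
        (idir / "postfix.dpkg-old").write_text(".*\n")  # stale file, must be skipped
        return check(SAMPLE_LOG, vdir, idir)
```

Calling `demo()` reports the smtpd warning as a violation and the `su` failure as unusual; the stale `postfix.dpkg-old` file, whose `.*` pattern would silence every line, is never loaded because of the run-parts name filter.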