Re: System log monitor
On Thu, Dec 07, 2000 at 03:05:39PM +0100, Michael Meskes wrote:
> On Thu, Dec 07, 2000 at 03:37:13PM +1100, Steve wrote:
> > suppose it would be nice if packages could supply their own violations
> > and ignore files to make this easier. For example, postfix would
> > supply a violations file containing
> > ...
> > And logcheck does a run-parts style include of all the files plus the
> > defaults. Does this seem like a plausible system, and does it fit
> I really like this idea. It's a bit of a hassle to create your own logcheck
> entries. If this could be done once and added to the package it would make
> life much easier.
You would have to do some work yourself, since the ignore entries would
have to be ultra-conservative. The reason the default is to not ignore, and
you have to explicitly ask to not see certain messages, is that you have
presumably seen them and decided you don't want to see them. You might want
to see every SSH login from hosts other than some sites you normally use,
for instance. It would be a bad thing if the package default ignore files
threw away too much.
That said, I think it's a good idea. It wouldn't eliminate the work, but
would make lessen it.
#define X(x,y) x##y
Peter Cordes ; e-mail: X(firstname.lastname@example.org. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE