[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: logcheck thinks that system is under attack, related to ssl problem?

Micah Anderson wrote:

Speaking of which, has anyone found a way to configure the active
system attack key words? There is a user on my system whose email has
the word "attacK' in it so that triggers logcheck, and I've tried
every different exclusion file and regexp there is to make it ignore
it, but I can't.... so I get a logcheck email everytime this guy gets
or sends an email. Its gotten to the point that logcheck is becoming
totally useless (ie. I wont read them because I put little value in
the information that they contain). I've tried searching the web, and
contacting the package maintainer, but no results.

I had exactly the same problem, it's because logcheck look for cracking
patterns before removing lines which should be ignored, it shouldn't be
hard to fix.


Reply to: