On 13/12/99 Pollywog wrote:
> and i still get in logcheck mails: > Dec 13 23:46:53 plukwa named[159]: USAGE 945125213 945085613 try named.*: USAGE .* > CPU=61.74u/56.5s CHILDCPU=0u/0s > Dec 13 23:04:55 plukwa PAM_unix[17035]: (ssh) session opened for user root > by > (uid=0) PAM_unix.*: (ssh) session opened for user root .*
i had the same problems with logcheck, even worse it sent ALL of the kernel boot up messages to root as `unusual activity' at every boot. along with ALL postfix logging as unusal, pam logins etc etc etc.
I spent over 4 hours writing new information into the ignore files ,trying different variations including the same syntax you show and it only disabled one or 2 lines from the logs from being reported, most of the rules simply did not work. that is when i just purged the damn thing, if its going to send the entire contents of my logs every 2 hours i might as well just read them myself.
i like the idea of logcheck but when it sends so much crap it defeats its purpose.
since i see its not just me having problems with it perhaps a bug should be filed, this package is useless out of the box on standard debian systems.
Ethan