Re: What's sending "www 02/10/02:19.02 system check" messages
Hit wrong key, didn't follow up to list. Sheesh. :)
On Mon, 11 Feb 2002, Chris Evans wrote:
> I've just transferred from Hamm to Potato and the new system is
> Emailing me excellent security messages with subject line like: "www
> 02/10/02:19.02 system check" ("www" is hostname).
That's logcheck.
> I'd like to be able to tune that to improve the ratio of really
> helpful to routine messages. All I can see from the header is that
> they're coming from something with user ID 0 and that leaves a fair
> few options including cron but crontab -u 0 says there is no user 0!
The configuration is in /etc/logcheck; essentially, it scans the logs for
regular expressions in the configuration files, and mails you anything
that matches. Check the man pages and the files in /usr/share/doc/logcheck
for more information.
It actually does run out of cron; Debian's cron reads files in
/etc/cron.d in addition to other crontabs, and logcheck has a file in
there that runs it every hour or so.
man cron, and see also /etc/cron.{daily,weekly,monthly} for other neat
tricks. :)
- Aaron
--
Aaron Hall : C'mon, Netscape! I can whistle the page in
ahall@vitaphone.net : Morse faster than you're fetching it!
Macintosh/UNIX Geek, Network Flack, and...eh, whatever.
Reply to: