Re: logcheck
On Mon, 2005-01-10 at 10:08 -0600, Rodney Richison wrote:
>
> Dave Ewart wrote:
>
> >On Monday, 10.01.2005 at 09:22 -0600, Rodney Richison wrote:
> >
> >
> >
> >>I guess I need help figuring out how to make logcheck quit reporting
> >>lines like this:
> >>
> >>Jan 10 08:07:25 deblists.rcrnet.net amavisd-new[11923]: (11923-03) Passed,
> >><bounce-9309147-995167@lists.isp-lists.com> ->
> >><rodney@deblists.rcrnet.net>, Message-ID:
> >><19a9fd1705011006031d85ad89@mail.gmail.com>, Hits: -1.458
> >>
> >>I don't want to know if something passed. amavis logs to
> >>/var/log/amavis.log and I told logcheck to monitor it, but I'm getting TO
> >>MUCH. I looked at the docs and was still unable to figure it out.
> >>
> >>
> >
> >Add the expression:
> >
> >amavisd-new.*Passed
> >
> >to the appropriate logcheck
> >
> >
> That's part of the problem. While
> http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html says
> add it to this file |/etc/logcheck/ignore.d.reportlevel/local it does
> not exist. However, there is a file in
> ||/etc/logcheck/ignore.d.reportlevel/amavisd-new I just now put this
> in it amavis\[[0-9]+\]: +(\([-0-9]+\) +)?Passed
>
> Sound reasonable?
> |
>
Yes, except you really shouldn't put in amavisd-new, since those are the
rules the maintainer(s) think are useful; put your own rules in your own
file.
Reply to:
- References:
- logcheck
- From: Rodney Richison <rodney@rcrcomputing.com>
- Re: logcheck
- From: Dave Ewart <davee@sungate.co.uk>
- Re: logcheck
- From: Rodney Richison <rodney@rcrcomputing.com>