Re: masking out invalid root logins with logcheck?

2006-05-08 Thread Michael Stone
On Mon, May 08, 2006 at 09:06:37PM +0200, Emanuele Rocca wrote: The only situation I've been able to imagine is a human error leading to a change to your security policy. For instance, a co-worker who temporarily allows remote root logins, god knows why. I'd be sad of my choice of filtering out

Re: masking out invalid root logins with logcheck?

2006-05-08 Thread martin f krafft
also sprach Emanuele Rocca <[EMAIL PROTECTED]> [2006.05.08.2106 +0200]: > For instance, a co-worker who temporarily allows remote root > logins, god knows why. I'd be sad of my choice of filtering out > root login attempts in that case. I'd have such a co-worker immediately shot. :) But yes, you

Re: masking out invalid root logins with logcheck?

2006-05-08 Thread Emanuele Rocca
Hello Martin, * martin f krafft <[EMAIL PROTECTED]>, [2006-05-07 9:11 +0200]: > Thus, I am considering to mask out entries of the following sort > with logcheck: > >sshd[5998]: (pam_unix) authentication failure; logname= uid=0 euid=0 > tty=ssh ruser= rhost=160

Re: masking out invalid root logins with logcheck?

2006-05-08 Thread Máté Soós
Jeff Coppock wrote: >> From: martin f krafft >> >> but somehow am not comfortable to just do it, which is why I am >> asking for opinions, advice, and feedback from you guys. Would you >> be able to think of reasons why I would *not* want to do that? >

Re: masking out invalid root logins with logcheck?

2006-05-07 Thread martin f krafft
also sprach Jeff Coppock <[EMAIL PROTECTED]> [2006.05.07.1836 +0200]: > I came up against the same issue some time ago and decided to move my sshd to > a non-standard port. This dramatically reduced the number of log entries, > and I see hardly any login attempts logged. I also updated my snort

Re: masking out invalid root logins with logcheck?

2006-05-07 Thread Jeff Coppock
> From: martin f krafft > > but somehow am not comfortable to just do it, which is why I am > asking for opinions, advice, and feedback from you guys. Would you > be able to think of reasons why I would *not* want to do that? I came up against the same issue some time ago and decided to move my ss

Re: masking out invalid root logins with logcheck?

2006-05-07 Thread martin f krafft
also sprach Michael Stone <[EMAIL PROTECTED]> [2006.05.07.1606 +0200]: > >machines. On all these machines, sshd root login is restricted to > >password-less login (RSA/DSA keys), so brute force attacks are never > >going to succeed. > > Probably what you want to highlight, then, is a *successful*

Re: masking out invalid root logins with logcheck?

2006-05-07 Thread Michael Stone
On Sun, May 07, 2006 at 09:11:53AM +0200, martin f krafft wrote: machines. On all these machines, sshd root login is restricted to password-less login (RSA/DSA keys), so brute force attacks are never going to succeed. Probably what you want to highlight, then, is a *successful* login. Mike Sto

Re: masking out invalid root logins with logcheck?

2006-05-07 Thread martin f krafft
also sprach paddy <[EMAIL PROTECTED]> [2006.05.07.1159 +0200]: > IMHO logcheck is not so much a way of monitoring and analysing > what's going on on your systems as a way of filtering out what you > already have better covered by other systems. This is a nice way of putting

Re: masking out invalid root logins with logcheck?

2006-05-07 Thread paddy
On Sun, May 07, 2006 at 09:11:53AM +0200, martin f krafft wrote: > I use logcheck on almost all machines. With the increased SSH brute > force attacks of the last 2-3 years, I am now at a point where > almost 95% of all logcheck messages are login attempts as root to my > machines.

Re: masking out invalid root logins with logcheck?

2006-05-07 Thread martin f krafft
cks it. That would be a pretty bad bug if it didn't. At least version 0.6.1 does. > However, having the attempted attack listed in LogCheck mails > doesn't block it...I also ask is there any use however in having > it listed? Not really. My theory is that I don't need to

Re: masking out invalid root logins with logcheck?

2006-05-07 Thread Stefano Salvi
only listed if the login doesn't exist). However, having the attempted attack listed in LogCheck mails doesn't block it...I also ask is there any use however in having it listed? Cheers Stefano Salvi

masking out invalid root logins with logcheck?

2006-05-07 Thread martin f krafft
I use logcheck on almost all machines. With the increased SSH brute force attacks of the last 2-3 years, I am now at a point where almost 95% of all logcheck messages are login attempts as root to my machines. On all these machines, sshd root login is restricted to password-less login (RSA/DSA

Re: logcheck: Permissions, dh_installlogcheck

2004-12-31 Thread Stephen Gran
trongly. I see no reason to make publicly available files locally hidden. > The problem is that we cannot dh_installlogcheck with owner logcheck because > the logcheck user is not guaranteed to exist. I think in this case, world readable is OK. > I don't like this solution, but i

Re: logcheck: Permissions, dh_installlogcheck

2004-12-30 Thread Todd Troxell
I am thinking of changing the permissions in dh_installlogcheck from 600 to 644. The problem is that we cannot dh_installlogcheck with owner logcheck because the logcheck user is not guaranteed to exist. I don't like this solution, but it seems like the one with the smallest potentialit

Re: logcheck oddity

2004-08-10 Thread Juha Pahkala
I'm not subscribed to this list so I can't reply to the correct mail, but... Thank you very much folks, Stephen and friends were right, the problem was the name of the script. I just changed that, and no more unwanted spam in mail. And I'm really liking logcheck now, it surely i

Re: logcheck oddity

2004-08-09 Thread Todd Troxell
On Mon, Aug 09, 2004 at 03:03:43PM -0400, Stephen Gran wrote: > This one time, at band camp, Juha Pahkala said: > > Hello, > > > > I've just installed logcheck on my debian-testing system. I'm having some > > odd problems with the *ignore.server/cron filt

Re: logcheck oddity

2004-08-09 Thread Stephen Gran
This one time, at band camp, Juha Pahkala said: > Hello, > > I've just installed logcheck on my debian-testing system. I'm having some > odd problems with the *ignore.server/cron filters. I'm trying to filter > out the entries that cron makes in syslog. These incl

Re: logcheck oddity

2004-08-09 Thread Bart-Jan Vrielink
lnum:]]+. So this > should work: > > ^\w{3} [ :0-9]{11} [[:alnum:]]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]] > +\) CMD \(.*\)$ [._[:alnum:]-]+ means 1 or more alphanumeric characters, periods, dashes or underscores. It's used in the default logcheck (and my own) checks to match hostn

Re: logcheck oddity

2004-08-09 Thread Andreas Schmidt
On 2004.08.09 15:53, Juha Pahkala wrote: Aug 9 16:40:01 server /USR/SBIN/CRON[1103]: (root) CMD (/root/bin/util/check_irexec) Aug 9 16:40:01 server /USR/SBIN/CRON[1104]: (root) CMD (/root/bin/util/check_mythbackend) ie. every five minutes a check that the relevant processes are alive. and the lin

logcheck oddity

2004-08-09 Thread Juha Pahkala
Hello, I've just installed logcheck on my debian-testing system. I'm having some odd problems with the *ignore.server/cron filters. I'm trying to filter out the entries that cron makes in syslog. These include in my case the following lines Aug 9 16:35:01 server /USR/SBIN/CRON[10

Ideas for logcheck overhaul

2003-10-25 Thread Frans Pop
Hello Steve, I saw your announcement in debian-security that you and Jon Middleton are working on a new version of logcheck. I recently started using logcheck and syslog-ng and have some ideas on how logcheck could be extended, especially for use

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-16 Thread Steve Kemp
On Thu, Oct 16, 2003 at 02:02:23PM -0500, Micah Anderson wrote: > Pretty exciting... is there any place that we can track the progress > of this? I'm very interested to make an assessment of what is going on > to determine if I should just patch the existing logcheck so that it >

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-16 Thread Alain Tesio
On Thu, 16 Oct 2003 14:02:23 -0500 Micah Anderson <[EMAIL PROTECTED]> wrote: > Pretty exciting... is there any place that we can track the progress > of this? I'm very interested to make an assessment of what is going on > to determine if I should just patch the existing

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-16 Thread Micah Anderson
Pretty exciting... is there any place that we can track the progress of this? I'm very interested to make an assessment of what is going on to determine if I should just patch the existing logcheck so that it stops sending me attack alerts, or if I should wait for this overhaul to com

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-07 Thread Steve Kemp
On Tue, Oct 07, 2003 at 09:52:59AM +0200, Alain Tesio wrote: > I had exactly the same problem, it's because logcheck look for cracking > patterns before removing lines which should be ignored, it shouldn't be > hard to fix. logcheck is in the middle of a major overhau

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-07 Thread Alain Tesio
Micah Anderson wrote: Speaking of which, has anyone found a way to configure the active system attack key words? There is a user on my system whose email has the word "attacK' in it so that triggers logcheck, and I've tried every different exclusion file and regexp there is to ma

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-06 Thread Andreas Wüst
stem. Well, I must admit that I've already rebooted after this message appeared (well, just because I haven't read my mail then, and only realised the logcheck message after a second reboot), but the problem didn't "survive" this first reboot, i.e. I've only received thi

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-06 Thread Andreas Wüst
stem has really been cracked, and >> the logcheck message is not a false positive? I wonder, because it's >> not a server machine, it has no services running, except the dhcp >> client listening on a port. Nothing else. > > It sounds to me, from the symptoms you describe

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-06 Thread Noah L. Meyerhans
On Mon, Oct 06, 2003 at 10:07:23PM +0100, Andreas Wüst wrote: > I hope you've got some more ideas. I'm strictly following all the > security updates, and have a light mix of woody and sid packages. run 'shutdown -rF now' See if the problem persists after the fsck. If it does, check the files man

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-06 Thread Micah Anderson
l you've got > better evidence that you've been cracked. In this case, I doubt you > have. > Speaking of which, has anyone found a way to configure the active system attack key words? There is a user on my system whose email has the word "attacK' in it so that trig

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-06 Thread Noah L. Meyerhans
On Mon, Oct 06, 2003 at 05:31:05PM +0100, Andreas Wüst wrote: > Hmmm, so what? Are these problems somehow tied together? Furthermore, > what is the probability that the system has really been cracked, and the > logcheck message is not a false positive? I wonder, because it's not a &g

logcheck thinks that system is under attack, related to ssl problem?

2003-10-06 Thread Andreas Wüst
eport from logcheck, logcheck sent me a mail with an "ACTIVE SYSTEM ATTACK!" subject, saying: "Cleaned rules files exist in /var/lib/logcheck/cleaned directory that cannot be removed. This may be an attempt to spoof the log checker." Hmmm, so what? Are these problems somehow tied

Re: logcheck question

2003-09-12 Thread Udo Müller
Kenneth Macdonald Karlsen wrote: Hi. I am running stable and just installed logcheck I get this mail: run-parts: component /etc/cron.d/logcheck is not an executable plain file /etc/cron.d isn't called from run-parts. What is in your /etc/crontab? in /etc/cron.d/ i have this: -rw-r--r--

logcheck question

2003-09-12 Thread Kenneth Macdonald Karlsen
Hi. I am running stable and just installed logcheck I get this mail: run-parts: component /etc/cron.d/logcheck is not an executable plain file in /etc/cron.d/ i have this: -rw-r--r--1 root root 147 Feb 21 2002 logcheck the contents of file: [EMAIL PROTECTED]:/etc/cron.d$ cat

Re: logcheck question

2003-09-12 Thread Udo Müller
Kenneth Macdonald Karlsen wrote: Hi. I am running stable and just installed logcheck I get this mail: run-parts: component /etc/cron.d/logcheck is not an executable plain file /etc/cron.d isn't called from run-parts. What is in your /etc/crontab? in /etc/cron.d/ i have this: -rw-r--r--1

Re: Logcheck, Logsentry, LogRider etc.

2003-03-31 Thread Adrian 'Dagurashibanipal' von Bidder
On Mon, 2003-03-31 at 01:24, Thomas Ritter wrote: > On Monday, 31 March 2003 00:27, Jan-Hendrik Palic wrote: > > I am using logcheck, personally installed on my Debian-Server/WS, > > because, there are no debian-packages .. :( > > I don't know about sarge and woody, bu

Re: Logcheck, Logsentry, LogRider etc.

2003-03-30 Thread Thomas Ritter
On Monday, 31 March 2003 00:27, Jan-Hendrik Palic wrote: > I am using logcheck, personally installed on my Debian-Server/WS, > because, there are no debian-packages .. :( I don't know about sarge and woody, but logcheck in sid, roughly preconfigured for debian systems. > But the

Re: Logcheck, Logsentry, LogRider etc.

2003-03-30 Thread nicole
At 00:27 on Mar 31, Jan-Hendrik Palic shook the earth with: > I am using logcheck, personally installed on my Debian-Server/WS, > because, there are no debian-packages .. :( > But the big issue with logcheck is, that you can get mails with > log-entries, but logcheck cannot provide

Re: Logcheck, Logsentry, LogRider etc.

2003-03-30 Thread Jan-Hendrik Palic
Hi .. On Sun, Mar 30, 2003 at 11:42:36PM +0200, Stefan Neufeind wrote: >So generally: >I'm looking for a good log-monitoring-tool - not only for Debian- >systems (at least I'm honest) so I need to be able to also compile >and package it again myself for different systems

Logcheck, Logsentry, LogRider etc.

2003-03-30 Thread Stefan Neufeind
Hi, I read on this list that several people are using logcheck, right? Is this still up2date? Somewhere on the net I found that it was followed by logsentry from Psionic - but this company doesn't seem to exist anymore. Afaik logsentry at last was also free. And does anybody know some

Error in logcheck - /usr/bin/mlock[2298]: (64) not setgid mail

2002-11-25 Thread Andrew Pritchard
logcheck has started noticing the above error. I did a ls -lsa /usr/bin/mlock and the result is: 8 -rwxr-sr-x1 root root 5668 Jan 13 2002 mlock Does this mean that somehow the permissions have changed? Should they have changed - and why? How should I correct this? (Has my box

Re: Problem with logcheck

2002-08-09 Thread Dale Amon
To anyone interested, the following line in a cfengine2 "tidy:" section sorts the problem nicely: /var/log pattern=*.0 age=20 type=mtime

Re: Problem with logcheck

2002-08-09 Thread Oohara Yuuma
grotate's configuration to > change. After deleting those (note: not all .0 files are bad; check the > date), everything worked fine. The problem is that savelog begins its suffix with 0 while logrotate begins its suffix with 1. logcheck has a crude hack to support them: if the log fi

Re: Problem with logcheck

2002-08-08 Thread Dale Amon
On Thu, Aug 08, 2002 at 09:51:18PM -0400, Hubert Chan wrote: > I'm not sure who's at fault here, but I found that /var/log contained > many old log files, with a ".0" extension, which I believe got there > when changing system loggers, causing logrotate's configuration to > change. After deleting

Re: Problem with logcheck

2002-08-08 Thread Dale Amon
On Fri, Aug 09, 2002 at 10:39:36AM +0900, Olaf Meeuwissen wrote: > I've seen it only once, a few days ago, but that was after I changed > the /etc/logcheck/logcheck.logfiles. There were also a bunch of > warnings from logcheck that it could not create files in > /var/lib/logcheck

Re: Problem with logcheck

2002-08-08 Thread Hubert Chan
>>>>> "Dale" == Dale Amon <[EMAIL PROTECTED]> writes: Dale> I've got a problem with logcheck that I wondered if anyone else Dale> has been seeing. Dale> Just after the logrotation in the early morning, I get one screwed Dale> up logcheck report

Re: Problem with logcheck

2002-08-08 Thread Olaf Meeuwissen
David Caplan <[EMAIL PROTECTED]> writes: > > I've got a problem with logcheck that I wondered if anyone > > else has been seeing. > > > > Just after the logrotation in the early morning, I get one > > screwed up logcheck report back from each machine. Th

Re: Problem with logcheck

2002-08-08 Thread David Caplan
> I've got a problem with logcheck that I wondered if anyone > else has been seeing. > > Just after the logrotation in the early morning, I get one > screwed up logcheck report back from each machine. The report > contains fragments of months old data. > > For the o

Problem with logcheck

2002-08-08 Thread Dale Amon
I've got a problem with logcheck that I wondered if anyone else has been seeing. Just after the logrotation in the early morning, I get one screwed up logcheck report back from each machine. The report contains fragments of months old data. For the other 23 hours of the day, all log report

Re: LogCheck Issues

2001-09-15 Thread Oohara Yuuma
On Fri, 14 Sep 2001 19:50:04 -0500, Rob VanFleet <[EMAIL PROTECTED]> wrote: > So I added the following regex to catch it: > > /USR/SBIN/CRON\[.*\]: (mail) CMD ( if \[ -x /usr/sbin/exim -a -f > /etc/exim.conf \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi) > > (after simply trying to add a '.*' b

Re: LogCheck Issues

2001-09-15 Thread Oohara Yuuma
On Fri, 14 Sep 2001 19:50:04 -0500, Rob VanFleet <[EMAIL PROTECTED]> wrote: > So I added the following regex to catch it: > > /USR/SBIN/CRON\[.*\]: (mail) CMD ( if \[ -x /usr/sbin/exim -a -f > /etc/exim.conf \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi) > > (after simply trying to add a '.*'

LogCheck Issues

2001-09-14 Thread Rob VanFleet
I seem to be having a small problem with something in the logcheck.ignore file. The default setup for the logcheck package under debian already contains this entry in logcheck.ignore to avoid reporting this common cron job: /USR/SBIN/CRON\[.*\]: (mail) CMD ( if \[ -x /usr/sbin/exim \]; then

Re: Logcheck+PortSentry

2001-08-23 Thread Oohara Yuuma
Stefan Srdic wrote: > I've just installed PortSentry (from unstable for kernel 2.4 support) > and Logcheck (from testing) onto my Woody box. > > I have PortSentry configured to use the Netfilter logging and limit options > to properly log port scan attempts from hostile host

Re: Logcheck+PortSentry

2001-08-23 Thread Oohara Yuuma
Stefan Srdic wrote: > I've just installed PortSentry (from unstable for kernel 2.4 support) > and Logcheck (from testing) onto my Woody box. > > I have PortSentry configured to use the Netfilter logging and limit options > to properly log port scan attempts from hostile

Logcheck+PortSentry

2001-08-22 Thread Stefan Srdic
Hey guys, I've just installed PortSentry (from unstable for kernel 2.4 support) and Logcheck (from testing) onto my Woody box. I have PortSentry configured to use the Netfilter logging and limit options to properly log port scan attempts from hostile host. Do any of you know how I

Re: logcheck

2001-02-06 Thread Rene Mayrhofer
Robert Ramiega wrote: > > On Tue, Feb 06, 2001 at 04:26:56PM +0100, Ingemar Fällman wrote: > > Hi > > > > Purge the package with dpkg --purge logcheck this will remove all config > > files, > > then download the version from testing and install it. > > &

Re: logcheck

2001-02-06 Thread Rene Mayrhofer
Antti Tolamo wrote: > >the important files are > > > > > >/etc/logcheck/logcheck.logfiles > >/etc/logcheck/logcheck.ignore.paranoid > >/etc/logcheck/logcheck.ignore.server > >/etc/logcheck/logcheck.ignore.workstation > > I miss those above. Are th

Re: logcheck

2001-02-06 Thread Rene Mayrhofer
> > I don't have logcheck.logfile at all??? > neither do I. I have the list of logfiles in /usr/sbin/logcheck.sh > maybe check there for the file names. /etc/logcheck/logcheck.logfiles has been introduced in logcheck version 1.1.1-7.3 (the version in unstable). Older versions

Re: logcheck

2001-02-06 Thread Robert Ramiega
On Tue, Feb 06, 2001 at 04:26:56PM +0100, Ingemar Fällman wrote: > Hi > > Purge the package with dpkg --purge logcheck this will remove all config > files, > then download the version from testing and install it. > > Then you can be sure that all files are ok. I don&#x

Re: logcheck

2001-02-06 Thread Ingemar Fällman
Hi Purge the package with dpkg --purge logcheck this will remove all config files, then download the version from testing and install it. Then you can be sure that all files are ok. /I Antti Tolamo wrote: > > At 17:06 6.2.2001, you wrote: > > >Antti Tolamo wrote: > >d

Re: logcheck

2001-02-06 Thread Robert Ramiega
On Tue, Feb 06, 2001 at 05:19:20PM +0200, Antti Tolamo wrote: > >/etc/logcheck/logcheck.logfiles > >/etc/logcheck/logcheck.ignore.paranoid > >/etc/logcheck/logcheck.ignore.server > >/etc/logcheck/logcheck.ignore.workstation > > I miss those above. Are they any

Re: logcheck

2001-02-06 Thread Antti Tolamo
knowing what should come with it. the important files are /etc/logcheck/logcheck.logfiles /etc/logcheck/logcheck.ignore.paranoid /etc/logcheck/logcheck.ignore.server /etc/logcheck/logcheck.ignore.workstation I miss those above. Are they anyway essential? Logcheck 1.1.1-4. Antti

Re: logcheck

2001-02-06 Thread Robert Ramiega
logcheck.sh > > What files there should be anyway? I have > no real way of knowing what should come with it. If it's not there than most probably it's not needed =o)) It just depends on package version... (i'm using: logcheck 1.1.1-7.3) -- Robert Ramiega | [EM

Re: logcheck

2001-02-06 Thread Ingemar Fällman
Hi logcheck.logfile is only in testing and unstable, the stable version of logcheck does not have that file. /I Antti Tolamo wrote: > > At 16:23 6.2.2001, Robert Ramiega wrote: > >On Tue, Feb 06, 2001 at 04:03:13PM +0200, Antti Tolamo wrote: > > > > > > > &g

Re: logcheck

2001-02-06 Thread Stefan Schleifer
Antti Tolamo wrote: > > At 16:23 6.2.2001, Robert Ramiega wrote: > >On Tue, Feb 06, 2001 at 04:03:13PM +0200, Antti Tolamo wrote: > > > > > > > > > I just noticed that my logcheck does double entries(same > > > entry is inserted twice). First comes

Re: logcheck

2001-02-06 Thread Antti Tolamo
At 16:23 6.2.2001, Robert Ramiega wrote: On Tue, Feb 06, 2001 at 04:03:13PM +0200, Antti Tolamo wrote: > > > I just noticed that my logcheck does double entries (same > entry is inserted twice). First comes one hour of entries, > then it is inserted again. > > What c

Re: logcheck

2001-02-06 Thread Robert Ramiega
On Tue, Feb 06, 2001 at 04:03:13PM +0200, Antti Tolamo wrote: > > > I just noticed that my logcheck does double entries (same > entry is inserted twice). First comes one hour of entries, > then it is inserted again. > > What could cause this? Bad configuration ;o)))

logcheck

2001-02-06 Thread Antti Tolamo
I just noticed that my logcheck does double entries (same entry is inserted twice). First comes one hour of entries, then it is inserted again. What could cause this? Antti

Re: logcheck

2001-02-06 Thread Antti Tolamo
there should be anyway? I have > > no real way of knowing what should come with it. > > >the important files are > > >/etc/logcheck/logcheck.logfiles >/etc/logcheck/logcheck.ignore.paranoid >/etc/logcheck/logcheck.ignore.server >/etc/logcheck/logcheck.ignore.workstation
