[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Logcheck/cron question
- Subject: RE: [cobalt-users] Logcheck/cron question
- From: "Wood, Bradley" <Bradley.Wood@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed Jun 19 01:57:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
man syslog.conf
> -----Original Message-----
> From: Andy Clyde, oxfordmusic.net [mailto:andy.clyde@xxxxxxxxxxxxxxx]
> Sent: 19 June 2002 09:43
> To: Cobalt Users
> Subject: [cobalt-users] Logcheck/cron question
>
>
> ok newbie question. this might be slightly off-topic but if
> someone could
> answer/direct me to an answer i'd be grateful. i have
> searched web/archives
> and tried almost everything i can think of but to no avail.
>
> i'm getting these entries every 8 seconds in my log emails:
> Jun 18 04:27:37 ns portsentry[1253]: attackalert: UDP scan from host:
> xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx to UDP port: 68
> Jun 18 04:27:37 ns portsentry[1253]: attackalert: Host:
> xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx is already blocked Ignoring
>
> the IP address is in the block owned by my co-locator. i've
> contacted them
> and they say it's nothing to do with them (it's a bootp
> client apparently).
> i want to rid my logs of these entries since they are
> swamping it. i've
> tried adding various combinations to logcheck.ignore and
> logcheck.violations.ignore but they're still appearing. can
> anyone help me?
>
> many thanks
>
> andy
>
>
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
Our network may monitor outgoing and incoming e-mail messages for security and customer service purposes,
but this e-mail is confidential. Please notify the sender immediately if you receive it in error, and then delete it. Thank you.