[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] pafalertd and logsentry
- Subject: Re: [cobalt-users] pafalertd and logsentry
- From: "Dave Thurman (Mailing List Email)" <listonly@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat Sep 28 08:06:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
on 9/28/02 9:21 AM, Gerald Waugh stated:
> This is an example:
> sendmail.*NOQUEUE.*localhost
> There are no 'spaces' or tabs' it's like ine word.
> cut and paste that line into
> /usr/local/etc/logcheck.ignore
>
> Unless, you have been messing with logcheck.sh
> The docs for logcheck are contained in the first part of logcheck.sh
> Careful some sytems put logcheck.sh in /etc/cron.hourly
> and there may be another one in /usr/local/etc/
I haven't messed with the Raq4 logcheck.sh files. I used the how to on your
site. The addition of the sendmail.*NOQUEUE.*localhost in
logcheck.violations.ignore removed the alert.
As for cron, I didn't again do any thing diff besides mv the file you stated
on the how to. On our Debians we just used the instructs they stated for
adding a crontab entry. I think everything is okay now.
One thing though, on the debians, which I actually used the Raq's to compare
to as a setup guide report more port scans. Could be they are looking for
the Debians though.
--
Thanks!!
Dave Thurman
The Web Presence Group / www.webpresencegroup.net
Listonly <at> webpresencegroup.net / Spam Block 8^Q