also sprach Jeremy L. Gaddis <jlgad...@gnu.org> [2011.07.08.0624 +0200]:
> I am also a newcomer to the logcheck project. About three months ago, I
> responded to madduck's now nearly two-year-old Request For Help[0] and
> was added to the project. In that time, I have made a few updates to
> rules files in response to open bugs.

Thanks for joining the project, and welcome!

> One thing that Hannes mentioned was in response to commits
> 5f7da05[1] and cf5e9d3[2] which I made to address bug #590559[3].
> As he mentioned in his email, webmin was removed from the Debian
> archive over five years ago[4]. He Cc:'d madduck asking what the
> policy is for rules for packages that have been removed from
> Debian. My personal thought was that since they were still there,
> they might as well be updated. For clarification and future
> reference, I am interested in knowing what the policy is as well.

I do not think there is a policy. It makes sense to keep filters
around while any version of Debian still has a package (due to
backports), but when Debian does not have the package at all
anymore, then there is no real reason to carry over the weight…

> Currently, I am trying to figure out the proper thing to do with regard
> to bug #621373[7]. This is a request for two rules related to log
> messages generated by avahi-daemon. As of now, there are no rules in
> logcheck-database for Avahi. Is there some process for deciding if it
> is appropriate to add them or do we just go ahead (which seems like the
> logical decision to me).

It would make much more sense to distribute the filters in the
avahi-daemon package.

> Related to that, can I assume that the proper file to create would
> be i.d.s/avahi-daemon instead of i.d.w/avahi-daemon? Avahi is
> often present on both servers and workstations so it would seem
> appropriate to put it under i.d.s since those rules will get
> applied when REPORTLEVEL is set to "workstation" as well as
> "server".

I really do not see a reason why one would have Avahi on a server,
so I'd tend to put it into the workstation pool. If you disagree,
then use your own judgement.

> My next question is how is it decided whether or not to add,
> delete, or update (whatever the case may be) rules in response to
> a request/bug report? I have read some bug reports (e.g.
> #564063[8]) where the correct decision is not obvious. Do we add
> the rules or not? How do you decide?

We flip coins!

In general, we serve to make life better for our users. Hence
informational messages can and should be filtered.

> Bug #617232[9] mentions rules which match on IPv4 addresses but
> will not match IPv6 addresses. Should we begin updating rules so
> that both IPv4 and IPv6 addresses will be matched? Is there
> a preferred methodology for doing this, or is it okay to simply
> start working on it now?

Rather than hacking the regexps, this should really be done by
finally introducing macros/templates/patterns into rulefiles.

> On a side note, is it appropriate to add my own name to the list
> on the main logcheck page[10]? Maybe it's a little narcissistic,
> but I like seeing my own name. :)

If you contribute, your name should be shown if this is what you
want!

Thanks for your time and effort. I hope I answered all questions.

-- 
 .''`.   martin f. krafft <madduck@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

"the intellect is not a serious thing, and never has been. it is an
 instrument on which one plays, that is all."
                                                        -- oscar wilde
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
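
The macro idea raised in the reply to the IPv4/IPv6 question, sketched as an added example that is not part of the original message or of logcheck: the `@IP@` token, the `expand_macros` helper, the two rules and the log lines are all constructed assumptions. It expands the token into one anchored alternation and counts how many sample lines each rule would still report.

```shell
#!/bin/sh
# Added example. "@IP@" is a hypothetical macro token; logcheck has no such feature.
IPV4='([0-9]{1,3}[.]){3}[0-9]{1,3}'
# Deliberately loose IPv6 form: hex groups, "::" compression, optional IPv4 tail.
IPV6='([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{1,4}|([0-9]{1,3}[.]){3}[0-9]{1,3})?'

# Constructed rules in the usual syslog-prefix style of an ignore rule.
PREFIX='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: '
OLD_RULE="${PREFIX}Connection closed by [.0-9]+\$"   # IPv4-only character class
NEW_RULE="${PREFIX}Connection closed by @IP@\$"      # written once, with the macro

# Expand the macro into one anchored alternation covering both families.
expand_macros() {
    printf '%s\n' "$1" | sed "s#@IP@#(${IPV4}|${IPV6})#g"
}

# Constructed sample log: only the first two lines are routine noise.
sample_log() {
    cat <<'EOF'
Jul  8 06:24:01 host sshd[1234]: Connection closed by 192.0.2.10
Jul  8 06:24:02 host sshd[1235]: Connection closed by 2001:db8::1
Jul  8 06:24:03 host sshd[1236]: Failed password for root from 2001:db8::1 port 22 ssh2
Jul  8 06:24:04 host sshd[1237]: Connection closed by invalid user admin 2001:db8::1
EOF
}

# Number of sample lines that would still be reported with the given rule.
count_remaining() {
    sample_log | grep -E -v -c -e "$1" || true
}

echo "IPv4-only rule reports: $(count_remaining "$OLD_RULE") lines"
echo "macro rule reports:     $(count_remaining "$(expand_macros "$NEW_RULE")") lines"
```

Because the expansion stays anchored between the fixed message text and `$`, the failed-login line and the "invalid user" line remain in the report under both rules.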