> My logcheck.violations.ignore file contains only one line:
>
> stat=Deferred
>
> I can't seem to locate what this means.

It's filtering out sendmail notifications that a mail was deferred.

> However, I have one particular line that continually appears in my
> Security Violations section that I'd love to ignore. Any advice you
> can offer as to the above and what changes I need to make to ignore
> a given violation would be appreciated. (I'm assuming the format
> will be the same as the other .ignore file.)

You just match against syslog output. Let's say you have a syslog line like:

    Jan 3 11:34:57 willow named[236]: rcvd NOTIFY(55.106.207.in-addr.arpa, IN, SOA) from [207.106.55.189].1024

and for some reason logcheck is sending you this line. You almost certainly don't care that your DNS server is updating its zone information (since, hey, it's supposed to do that). So the following line in the proper file will cut it out:

    named.*: rcvd NOTIFY\(55.106.207.in-addr.arpa, IN, SOA\) from \[207.106.55.189\].1024

A more general solution that would account for more domains might look like this:

    named.*: rcvd NOTIFY\(.*, IN, SOA\) from \[.*

It's easy to get pretty sophisticated about what you filter and what you don't.

Ross Vandegrift
[EMAIL PROTECTED]
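A way to dry-run an ignore pattern before installing it, as an added example that is not part of the original message. It assumes logcheck applies the ignore file with `egrep -v -f` (extended regular expressions), so literal parentheses and brackets in a log line need backslash escapes. Only the first sample line comes from the message; the other log lines and all function and variable names are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run logcheck ignore patterns against sample syslog lines.
# Assumption: the ignore file is applied as `grep -E -v -f FILE` (egrep).

# remaining PATTERN LOGFILE -> prints the lines that would still be reported
remaining() {
    pat_file=$(mktemp) || return 1
    printf '%s\n' "$1" > "$pat_file"
    rc=0
    grep -E -v -f "$pat_file" "$2" || rc=$?   # status 1 only means "nothing left"
    rm -f "$pat_file"
    [ "$rc" -le 1 ]                           # status 2 = bad regex, e.g. unmatched [
}

# count_remaining PATTERN LOGFILE -> number of lines still reported
count_remaining() {
    remaining "$1" "$2" | wc -l | tr -d ' '
}

# Sample log: the first line is from the message above, the rest are constructed.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jan 3 11:34:57 willow named[236]: rcvd NOTIFY(55.106.207.in-addr.arpa, IN, SOA) from [207.106.55.189].1024
Jan 3 11:40:02 willow named[236]: rcvd NOTIFY(example.org, IN, SOA) from [192.0.2.10].1027
Jan 3 11:41:13 willow named[236]: unapproved AXFR from [198.51.100.7].3312 for "example.org"
EOF

# Unescaped: ( ) form a group and [ ] a character class, so no line matches
# and nothing is suppressed.
UNESCAPED='named.*: rcvd NOTIFY(55.106.207.in-addr.arpa, IN, SOA) from [207.106.55.189].1024'
# Escaped: literal parentheses and bracket, as they appear in the log line.
ESCAPED='named.*: rcvd NOTIFY\(.*, IN, SOA\) from \['

echo "unescaped pattern leaves $(count_remaining "$UNESCAPED" "$SAMPLE_LOG") line(s)"
echo "escaped pattern leaves $(count_remaining "$ESCAPED" "$SAMPLE_LOG") line(s):"
# The unrelated named line must survive; an ignore pattern that also hides it
# is too broad.
remaining "$ESCAPED" "$SAMPLE_LOG"
```

Running a candidate pattern this way shows both failure modes: a pattern that suppresses nothing, and one broad enough to hide lines that should still be reported.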
