If you don't want to see certain activity in the reports, look at
logcheck.ignore. Anything specified in that file will be ignored by logcheck.
For example, "ipop3d.*Moved" will ignore entries like this from maillog:
Sep 22 21:28:06 yoda ipop3d[2967]: Moved 7395 bytes of new mail to
/home/ed/mbox from /var/spool/mail/ed host= eds.wrenkasky.com [10.10.10.11]
If you have trouble, send me one of the messages from the log file.
Ed
At 11:01 PM Saturday, 9/22/2001, Paul Rodríguez wrote -=>
>After reading this, I installed Logcheck (after a couple of hours of playing
>around with sendmail and postfix, and after an hour realizing I wasn't
>getting the emails because I had disabled postfix on boot up since I wasn't
>using it yet.. DOH!)
>
>Anywase.. how do I filter out the port 68 DHCP scans from the program? It
>thinks they are attacks and fill my log pretty good.. :(
>
>On Saturday 22 September 2001 15:13, you wrote:
> > FWIW -
> >
> > I use a handy little tool called Logcheck from Psionic that monitors logs
> > and reports via email. It's very configurable and runs via cron so you can
> > run it as often as you like.
Ed Kasky
Los Angeles, CA
. . . . . . . .
It's pretty far, but it doesn't seem like it.
-Yogi Berra, giving directions
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
