On 13/12/99 Pollywog wrote:
> and i still get in logcheck mails:
> Dec 13 23:46:53 plukwa named[159]: USAGE 945125213 945085613
try
named.*: USAGE .*
> CPU=61.74u/56.5s CHILDCPU=0u/0s
> Dec 13 23:04:55 plukwa PAM_unix[17035]: (ssh) session opened for user root
> by
> (uid=0)
PAM_unix.*: (ssh) session opened for user root .*
i had the same problems with logcheck, even worse it sent ALL of the
kernel boot up messages to root as `unusual activity' at every boot.
along with ALL postfix logging as unusal, pam logins etc etc etc.
I spent over 4 hours writing new information into the ignore files
,trying different variations including the same syntax you show and
it only disabled one or 2 lines from the logs from being reported,
most of the rules simply did not work. that is when i just purged the
damn thing, if its going to send the entire contents of my logs every
2 hours i might as well just read them myself.
i like the idea of logcheck but when it sends so much crap it defeats
its purpose.
since i see its not just me having problems with it perhaps a bug
should be filed, this package is useless out of the box on standard
debian systems.
Ethan
