1Debian Maintainer Information for logcheck 2------------------------------------------ 3 4Packages are encouraged to install their own logcheck rulefiles, 5because as the package maintainer you will always know best which 6messages can be ignored and which are serious violations. 7 8For this to work correctly, you can install in the following 9directories files named the same as the package itself, since the 10name of the file that generated cracking and violations messages 11will be included in the mail message and therefore should give a 12hint from which package those messages are caused. The possible 13files that a package can include are 14 15 - /etc/logcheck/cracking.d/<packagename> 16 - /etc/logcheck/violations.d/<packagename> 17 - /etc/logcheck/violations.ignore.d/<packagename> 18 - /etc/logcheck/ignore.d.paranoid/<packagename> 19 - /etc/logcheck/ignore.d.server/<packagename> 20 - /etc/logcheck/ignore.d.workstation/<packagename> 21 22As the higher level ignore.d directories include the lower levels 23(i.e. server = server + paranoid) you should try to split your 24rulefile between the different ignore.d directories. 25 26If during the normal operation of your package it produces ignorable 27syslog messages that are included by 28/etc/logcheck/violations.d/<packagename> have to also include the 29following rulefile 30 31 - /etc/logcheck/violations.ignore.d/<packagename> 32 33so that they will be ignored. 34 35Packages should not install symlinks between the ignore.d directories 36but install separate files into each level; note that it is no longer 37necessary anyway for rules to be repeated in each ignore.d.* 38directory. We are now using run-parts (see run-parts(8) for more 39details) directly for listing the rulefiles, and this will ignore 40symlinks. If your filename contains .'s you should replace them with _'s 41so that the file will be included. 42 43The following directory is for local admin use only and packages 44should not install any files in this directory. 45 46 - /etc/logcheck/cracking.ignore.d/ 47 48Also the local admin has to enable this support in logcheck.conf for 49any files to be parsed. 50 51If you are planning on adding rules for your package, please check to 52see if we have included them first. If we already have rules and you 53would like to maintain your own, please let us know before you upload 54so we can avoid filename conflicts. 55 56# vim:tw=70 57