Per R Laursen wrote:
Hi Togan.
Try to read inside the logcheck.sh file. I don't know where you have this file on your system, but I have made my own SuSE adapted installation of logcheck. In logcheck.sh there you'll find a description of all the files logcheck uses when 'looking' inside log files.
Hi everybody,
I also installed logcheck last week.
The best way to adjust the filtering seems to be to do it incrementally, i.e.
- run logcheck
- look at the output and add to the *.ignore files appropriate patterns to remove uninteresting entries, e.g. -- MARK --
- remove the *.offset files and start again.
Continue till happy.
Additionally, you can try logging in with wrong passwords, wrong user, etc. from a different host, to see what it looks like in your logfiles, and check whether logcheck finds those entries. The same goes for portscanning, etc.
Rupert
PS: I am getting lots of probes for anonymous ftp lately, about twice a week.
--
Rupert Kittinger
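
An added example, not part of the thread and not logcheck's own code: a dry run for the tuning loop described above, showing which entries a candidate ignore file would still let through and whether it would hide entries captured from deliberate failed-login tests. It assumes an ignore file is applied like `grep -E -v -f FILE`; the file names and log lines are constructed.

```shell
#!/bin/sh
# Assumption: an ignore file is applied like `grep -E -v -f FILE`.

# Count blank or whitespace-only patterns; one of these hides every log entry.
blank_patterns() {
    grep -c '^[[:space:]]*$' "$1" || true
}

# remaining LOGFILE IGNOREFILE: print log lines no ignore pattern matches.
remaining() {
    pats=$(mktemp)
    grep -v '^[[:space:]]*$' "$2" > "$pats" || true   # drop blank patterns
    grep -E -v -f "$pats" "$1" || true
    rm -f "$pats"
}

# hidden_count MUSTSEE IGNOREFILE: how many must-see lines would be hidden.
hidden_count() {
    total=$(grep -c '' "$1" || true)
    kept=$(remaining "$1" "$2" | grep -c '' || true)
    echo $((total - kept))
}

# Constructed sample data (not from a real host).
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/messages" <<'EOF'
Mar  3 10:00:01 host1 syslogd: -- MARK --
Mar  3 10:05:12 host1 sshd[812]: Failed password for invalid user test from 192.0.2.10
Mar  3 10:20:01 host1 syslogd: -- MARK --
Mar  3 10:21:40 host1 ftpd[901]: ANONYMOUS FTP LOGIN REFUSED FROM 192.0.2.10
EOF
# Lines captured from deliberate wrong-password tests: these must stay visible.
grep -E 'Failed password|LOGIN REFUSED' "$work/messages" > "$work/mustsee"
printf '%s\n' 'syslogd: -- MARK --' > "$work/good.ignore"
printf '%s\n' '-- MARK --' 'sshd\[[0-9]+\]' '' > "$work/broad.ignore"

echo "Still reported with good.ignore:"
remaining "$work/messages" "$work/good.ignore"
echo "Must-see lines hidden by good.ignore:  $(hidden_count "$work/mustsee" "$work/good.ignore")"
echo "Must-see lines hidden by broad.ignore: $(hidden_count "$work/mustsee" "$work/broad.ignore")"
echo "Blank patterns in broad.ignore: $(blank_patterns "$work/broad.ignore")"
```

Running the check before each pass of the loop catches an ignore pattern that is broader than intended before it silences real alerts.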