logcheck content

Gregory Colpart 2017-06-20 00:01:56 +02:00
parent d133676f28
commit 9f6049c77d
1 changed files with 20 additions and 1 deletions

@ -325,7 +325,26 @@ template = /etc/log2mail/mail
<section>
<h2>logcheck</h2>
https://wiki.evolix.org/HowtoLogcheck
Logcheck est un outil qui permet denvoyer les logs par mail, plus précisément les lignes inconnues (non répertoriées dans ses règles) trouvées dans certains journaux.
# aptitude install logcheck logcheck-database
Fichier /etc/logcheck/logcheck.conf :
REPORTLEVEL="server"
SENDMAILTO="alert@example.com"
MAILASATTACH=0
FQDN=1
TMP="/tmp"
Exceptions dans ignore.d.server/
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[IPTABLES DROP\] : IN=eth0 OUT= MAC=.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ log2mail\[[0-9]+\]: Logfile [.[:alnum:]/]+ rotated. Listening to new file.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nrpe\[[0-9]+\]: Could not read request from client, bailing out...$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nrpe\[[0-9]+\]: INFO: SSL Socket Shutdown.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: clock is now [[:alnum:]]+$
</section>
<section>
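Review bot: The ignore.d.server patterns for log2mail and nrpe leave literal dots unescaped (`rotated. Listening to new file.$`, `bailing out...$`, `SSL Socket Shutdown.$`), so each `.` matches any character and the rules suppress more than the exact messages they were written for. Since every line matched here is dropped from the mailed report, I would write them as `\.` to keep the exceptions as narrow as the messages themselves. In the same list, the kernel rule ends in `MAC=.*` with no `$` anchor, so the trailing `.*` is redundant; either drop it or anchor the pattern. It is also worth a sentence in the slide stating that this rule hides every `[IPTABLES DROP]` line on eth0 from the report, so readers copy it knowingly. Minor: "denvoyer" in the description is missing its apostrophe ("d'envoyer").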