From 9f6049c77d9dfd6c3f5d5740792f85d5ac03ffb3 Mon Sep 17 00:00:00 2001
From: Gregory Colpart
Date: Tue, 20 Jun 2017 00:01:56 +0200
Subject: [PATCH] contenu logcheck
---
reveal/sysadmin.html | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/reveal/sysadmin.html b/reveal/sysadmin.html
index bedc812..8b7cb40 100644
--- a/reveal/sysadmin.html
+++ b/reveal/sysadmin.html
@@ -325,7 +325,26 @@ template = /etc/log2mail/mail

logcheck

-https://wiki.evolix.org/HowtoLogcheck
+
+Logcheck est un outil qui permet d’envoyer les logs par mail, plus précisément les lignes inconnues (non répertoriées dans ses règles) trouvées dans certains journaux.
+
+# aptitude install logcheck logcheck-database
+
+Fichier /etc/logcheck/logcheck.conf :
+
+REPORTLEVEL="server"
+SENDMAILTO="alert@example.com"
+MAILASATTACH=0
+FQDN=1
+TMP="/tmp"
+
+Exceptions dans ignore.d.server/
+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[IPTABLES DROP\] : IN=eth0 OUT= MAC=.*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ log2mail\[[0-9]+\]: Logfile [.[:alnum:]/]+ rotated. Listening to new file.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nrpe\[[0-9]+\]: Could not read request from client, bailing out...$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nrpe\[[0-9]+\]: INFO: SSL Socket Shutdown.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: clock is now [[:alnum:]]+$
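Review bot: The first exception, which ends in `MAC=.*`, removes every `[IPTABLES DROP]` line for eth0 from the logcheck report, and the slide does not say so. It should state that firewall drops are then no longer mailed and must be reviewed through another channel if they matter. In the log2mail and nrpe rules the literal dots are unescaped (`rotated. Listening to new file.$`, `bailing out...$`, `SSL Socket Shutdown.$`), so each one matches any character. Writing them as `rotated\. Listening to new file\.$`, `bailing out\.\.\.$` and `SSL Socket Shutdown\.$` keeps each exception as narrow as the message it targets. The hunk's trailing context lines are not visible here, so the surrounding markup is not covered by this note.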