Table of Contents

Remark

This page is outdated.  The current version of this page is at https://redmine.auroville.org.in/projects/public-pages/wiki/Logcheck

Versions

The information on this page was developed and tested on Debian 6.0 Squeeze with logcheck is based on working with logcheck on Squeeze, Wheezy and Jessie: 1.3.13 and updated for Debian 7 Wheezy with logcheck , 1.3.15 and 1.3.1517.

References

1. Main documentation:
       Online: http://logcheck.org/docs/
       As installed: directories /usr/share/doc/logcheck and /usr/share/doc/logcheck-database.
           The .gz files may conveniently be read using zcat and less.  For example:
           zcat /usr/share/doc/logcheck-database/README.logcheck-database.gz | less
2. logcheck man page (HTML format): http://linux.die.net/man/8/logcheck

...

• If using sort to order filter files as suggested, sort's --version-sort (-V) option may be required.
• Multiple local-<package name> files have the advantage of being installable and removable with the associated package.

Installing filters in a filter file

...

In case a standard set of local-* filter files are installed on multiple computers and the set needs to be extended, a different naming convention is needed for the extra files. They may, for example, be for a specific role, configuration or defect.  They could be called :

• The processing load can be reduced by installing them with extension .disabled and only removing it when needed.
• Host-specific filter files can have prefix local-local-

...

Backups

If updating an existing file, the original can be backed up with a name which is not entirely of upper and lower case letters, digits, underscores, and hyphens; for example local-foo.bak or local-foo~.  These files will not be used by logcheck.

...