1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
logcheck for Debian
-------------------
Configuration
~~~~~~~~~~~~~
Logcheck configuration is done in the file /etc/logcheck/logcheck.conf.
To change the email address to which reports are sent, change the line:
SENDMAILTO="root"
to:
SENDMAILTO="emailaddress@some.domain.tld"
The reportlevel (that is, the degree of filtering applied to "routine" system
events) can be reduced from the default by changing the line:
REPORTLEVEL="server"
to:
REPORTLEVEL="workstation"
or increased:
REPORTLEVEL="paranoid"
Note that "server" includes "paranoid" and "workstation" includes "server"
(which includes "paranoid").
There are a number of other options which are documented in
/etc/logcheck/logcheck.conf itself.
By default logcheck is set to run once an hour. This can be changed by editing
the systemd logcheck.timer definition or /etc/cron.d/logcheck, depending on
your system's init.
Please note that the permissions of rulefiles installed with
dh_installlogcheck after installing logcheck will differ from those included
in logcheck-database. This is because dh_installlogcheck cannot yet assume
that the logcheck user exists. This may be changed in a future version of
Debian.
Getting the source/contributing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Debian logcheck package is now maintained with git:
https://salsa.debian.org/debian/logcheck.git
Also see: README.source
|
