From acb3db14391069a3b0f4fb4a46d9b5efeca3007b Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Wed, 10 Nov 2010 22:24:01 +0100 Subject: Add logcheck rules to ignore rsyslog status messages. --- fri-epost-docs.org | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fri-epost-docs.org b/fri-epost-docs.org index 83ba401..fa6f7b1 100644 --- a/fri-epost-docs.org +++ b/fri-epost-docs.org @@ -81,7 +81,10 @@ We welcome all critisism, suggestions for improvements, additions etc. Please s + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: disconnected by user$ + - /etc/logcheck/ignore.d.server/rsyslog [until rsyslog 4.2.0-2 hits stable] + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[[[:digit:]]+\.[[:digit:]]+\])? imklog [0-9.]+, log source = /proc/kmsg started.$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] restart$ ** Configuring aptitude and friends We're going for a setup where we install many security updates automatically using the package "unattended-upgrades". Automated upgrades are in general not a very good idea, but "unattended-upgrades" takes steps to minimize the issues with this kind of setup. Given the Debian security teams track record we believe the positives outweigh the negatives. -- cgit v1.2.3
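Review bot: The literal dots in the two added rsyslog patterns are unescaped: the trailing `started.$` in the imklog rule and `www.rsyslog.com` inside the `x-info` value of the rsyslogd rule each let `.` match any character. Everything matched under ignore.d.server is dropped from the logcheck report, so these rules should be as tight as the messages allow; write `started\.$` and `www\.rsyslog\.com`. The new lines also use `[ :0-9]{11}` and `[0-9]+` where the sshd rule directly above uses `[ :[:digit:]]{11}` and `[[:digit:]]+`; using one form throughout keeps the rule set easier to audit. The "[until rsyslog 4.2.0-2 hits stable]" marker would be easier to act on later if the text also said that the file should be removed once that version is installed.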