DH_INSTALLLOGCHECK(1) Debhelper DH_INSTALLLOGCHECK(1)NAME
dh_installlogcheck - install logcheck rulefiles into etc/logcheck/
SYNOPSIS
dh_installlogcheck [debhelperoptions]
DESCRIPTION
dh_installlogcheck is a debhelper program that is responsible for installing logcheck rule files.
FILES
debian/package.logcheck.cracking
debian/package.logcheck.violations
debian/package.logcheck.violations.ignore
debian/package.logcheck.ignore.workstation
debian/package.logcheck.ignore.server
debian/package.logcheck.ignore.paranoid
Each of these files, if present, are installed into corresponding subdirectories of etc/logcheck/ in package build directories.
OPTIONS --name=name
Look for files named debian/package.name.logcheck.* and install them into the corresponding subdirectories of etc/logcheck/, but use
the specified name instead of that of the package.
SEE ALSO debhelper(7)
This program is a part of debhelper.
AUTHOR
Jon Middleton <jjm@debian.org>
11.1.6ubuntu2 2018-05-10 DH_INSTALLLOGCHECK(1)
Check Out this Related Man Page
Logcheck(8) System Manager's Manual Logcheck(8)NAME
logcheck -- program to scan system logs for interesting lines
SYNOPSIS
logcheck [OPTIONS]
DESCRIPTION
The logcheck program helps spot problems and security violations in your logfiles automatically and will send the results to you periodi-
cally in an e-mail. By default logcheck runs as an hourly cronjob just off the hour and after every reboot.
logcheck supports three level of filtering: "paranoid" is for high-security machines running as few services as possible. Don't use it if
you can't handle its verbose messages. "server" is the default and contains rules for many different daemons. "workstation" is for shel-
tered machines and filters most of the messages. The ignore rules work in additive manner. "paranoid" rules are also included at level
"server". "workstation" level includes both "paranoid" and "server" rules.
The messages reported are sorted into three layers, system events, security events and attack alerts. The verbosity of system events is
controlled by which level you choose, paranoid, server or workstation. However, security events and attack alerts are not affected by
this.
EXAMPLES
logcheck can be invoked directly thanks to su(8) or sudo(8), which change the user ID. The following example checks the logfiles without
updating the offset and outputs everything to STDOUT.
sudo -u logcheck logcheck -o -t
OPTIONS
A summary of options is included below.
-c CFG Overrule default configuration file.
-d Debug mode.
-h Show usage information.
-H Use this hostname string in the subject of logcheck mail.
-l LOG Run logfile through logcheck.
-L CFG Overrule default logfiles list.
-m Mail report to recipient.
-o STDOUT mode, not sending mail.
-p Set the report level to "paranoid".
-r DIR Overrule default rules directory.
-R Adds "Reboot:" to the email subject line.
-s Set the report level to "server".
-S DIR Overrule default state directory.
-t Testing mode does not update offset.
-T Do not remove the TMPDIR.
-u Enable syslog-summary.
-v Print current version.
-w Set the report level to "workstation".
FILES
/etc/logcheck/logcheck.conf is the main configuration file.
/etc/logcheck/logcheck.logfiles is the list of files to monitor.
/usr/share/doc/logcheck-database/README.logcheck-database.gz for hints on how to write, test and maintain rules.
EXIT STATUS
0 upon success; 1 upon failure
SEE ALSO logtail(8)AUTHOR
logcheck is developed by Debian logcheck Team at alioth: http://alioth.debian.org/projects/logcheck/.
This manual page was written by Jon Middleton.
Logcheck(8)