Gentoo Archives: gentoo-doc-cvs

From: "Joshua Saddler (nightmorph)" <nightmorph@g.o>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] gentoo commit in xml/htdocs/doc/en: logcheck.xml
Date: Tue, 12 Oct 2010 17:39:34
Message-Id: 20101012173924.DD2672004C@flycatcher.gentoo.org
1 nightmorph 10/10/12 17:39:24
2
3 Modified: logcheck.xml
4 Log:
5 add troubleshooting section and log file scanning, bug 340657
6
7 Revision Changes Path
8 1.2 xml/htdocs/doc/en/logcheck.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?rev=1.2&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?rev=1.2&content-type=text/plain
12 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?r1=1.1&r2=1.2
13
14 Index: logcheck.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/logcheck.xml,v
17 retrieving revision 1.1
18 retrieving revision 1.2
19 diff -u -r1.1 -r1.2
20 --- logcheck.xml 13 Jul 2010 20:29:06 -0000 1.1
21 +++ logcheck.xml 12 Oct 2010 17:39:24 -0000 1.2
22 @@ -1,6 +1,6 @@
23 <?xml version='1.0' encoding='UTF-8'?>
24 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
25 -<!-- $Header $ -->
26 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/logcheck.xml,v 1.2 2010/10/12 17:39:24 nightmorph Exp $ -->
27
28 <guide>
29 <title>Logcheck Guide</title>
30 @@ -20,8 +20,8 @@
31 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
32 <license/>
33
34 -<version>1</version>
35 -<date>2010-07-13</date>
36 +<version>2</version>
37 +<date>2010-10-12</date>
38
39 <chapter>
40 <title>Getting Started With logcheck</title>
41 @@ -130,6 +130,16 @@
42 </pre>
43
44 <p>
45 +You also have to tell <c>logcheck</c> which log files to scan
46 +(<path>/etc/logcheck/logcheck.logfiles</path>).
47 +</p>
48 +
49 +<pre caption="Basic /etc/logcheck/logcheck.logfiles setup">
50 +<comment>(This is an example for syslog-ng)</comment>
51 +/var/log/messages
52 +</pre>
53 +
54 +<p>
55 Finally, enable the logcheck cron job.
56 </p>
57
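Review bot: The new paragraph and the "Basic /etc/logcheck/logcheck.logfiles setup" block do not say that every file listed there must be readable by the logcheck user that the cron job (enabled in the next paragraph) runs as, which is the most common reason a freshly configured logcheck produces no report; a sentence after "(<path>/etc/logcheck/logcheck.logfiles</path>)." such as "Every file listed here must be readable by the <c>logcheck</c> user." would close that gap. The "(This is an example for syslog-ng)" comment should also state that <path>/var/log/messages</path> is only the right entry if the local syslog-ng configuration actually writes there, since the path is a property of the logger setup rather than of logcheck.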
58 @@ -161,4 +171,54 @@
59 </body>
60 </section>
61 </chapter>
62 +
63 +<chapter>
64 +<title>Troubleshooting</title>
65 +<section>
66 +<title>General tips</title>
67 +<body>
68 +
69 +<p>
70 +You can use the logcheck's <c>-d</c> switch to display more debugging
71 +information. Example:
72 +</p>
73 +
74 +<pre caption="Debugging logcheck">
75 +# <i>su -s /bin/bash -c '/usr/sbin/logcheck -d' logcheck</i>
76 +D: [1281318818] Turning debug mode on
77 +D: [1281318818] Sourcing - /etc/logcheck/logcheck.conf
78 +D: [1281318818] Finished getopts c:dhH:l:L:m:opr:RsS:tTuvw
79 +D: [1281318818] Trying to get lockfile: /var/lock/logcheck/logcheck.lock
80 +D: [1281318818] Running lockfile-touch /var/lock/logcheck/logcheck.lock
81 +D: [1281318818] cleanrules: /etc/logcheck/cracking.d/kernel
82 +...
83 +D: [1281318818] cleanrules: /etc/logcheck/violations.d/su
84 +D: [1281318818] cleanrules: /etc/logcheck/violations.d/sudo
85 +...
86 +D: [1281318825] logoutput called with file: /var/log/messages
87 +D: [1281318825] Running /usr/sbin/logtail2 on /var/log/messages
88 +D: [1281318825] Sorting logs
89 +D: [1281318825] Setting the Intro
90 +D: [1281318825] Checking for security alerts
91 +D: [1281318825] greplogoutput: kernel
92 +...
93 +D: [1281318825] greplogoutput: returning 1
94 +D: [1281318825] Checking for security events
95 +...
96 +D: [1281318825] greplogoutput: su
97 +D: [1281318825] greplogoutput: Entries in checked
98 +D: [1281318825] cleanchecked - file: /tmp/logcheck.uIFLqU/violations-ignore/logcheck-su
99 +D: [1281318825] report: cat'ing - Security Events for su
100 +...
101 +D: [1281318835] report: cat'ing - System Events
102 +D: [1281318835] Setting the footer text
103 +D: [1281318835] Sending report: 'localhost 2010-08-09 03:53 Security Events' to root
104 +D: [1281318835] cleanup: Killing lockfile-touch - 17979
105 +D: [1281318835] cleanup: Removing lockfile: /var/lock/logcheck/logcheck.lock
106 +D: [1281318835] cleanup: Removing - /tmp/logcheck.uIFLqU
107 +</pre>
108 +
109 +</body>
110 +</section>
111 +</chapter>
112 </guide>
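Review bot: "You can use the logcheck's <c>-d</c> switch" should read "You can use logcheck's <c>-d</c> switch" (or "the <c>-d</c> switch of <c>logcheck</c>"). The prose before the "Debugging logcheck" block should also say why the example invokes <c>su -s /bin/bash -c '/usr/sbin/logcheck -d' logcheck</c> instead of running logcheck directly as root: the debug run then uses the same unprivileged logcheck user as the cron job, so permission problems on the files in <path>logcheck.logfiles</path> (the "Running /usr/sbin/logtail2 on /var/log/messages" step in the output) show up in the debug session exactly as they would in the scheduled run. Finally, the transcript shows the lockfile being taken and removed in <path>/var/lock/logcheck/logcheck.lock</path>; one line noting that a debug run while the cron job is active will contend for that lock would save readers a confusing "Trying to get lockfile" stall.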