Diffstat (limited to 'security/logcheck/files/extra-patch-docs__logcheck.8.in')
-rw-r--r-- | security/logcheck/files/extra-patch-docs__logcheck.8.in | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/security/logcheck/files/extra-patch-docs__logcheck.8.in b/security/logcheck/files/extra-patch-docs__logcheck.8.in new file mode 100644 index 000000000000..e190ae0b4e7c --- /dev/null +++ b/security/logcheck/files/extra-patch-docs__logcheck.8.in 
@@ -0,0 +1,118 @@ +--- docs/logcheck.8.orig 2009-12-15 15:03:22.000000000 -0500 ++++ docs/logcheck.8 2009-12-15 15:03:41.000000000 -0500 +@@ -0,0 +1,115 @@ ++.\" This manpage has been automatically generated by docbook2man ++.\" from a DocBook document. This tool can be found at: ++.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> ++.\" Please send any bug reports, improvements, comments, patches, ++.\" etc. to Steve Cheng <steve@ggi-project.org>. ++.TH "Logcheck" "8" "15 December 2009" "" "" ++ ++.SH NAME ++logcheck \- program to scan system logs for interesting lines ++.SH SYNOPSIS ++ ++\fBlogcheck\fR [ \fBOPTIONS\fR ] ++ ++.SH "DESCRIPTION" ++.PP ++The \fBlogcheck\fR program helps spot problems and ++security violations in your logfiles automatically and will send the ++results to you periodically in an e-mail. By default logcheck runs as ++an hourly cronjob just off the hour and after every reboot. ++.PP ++\fBlogcheck\fR supports three level of filtering: ++"paranoid" is for high-security machines running as few services ++as possible. Don't use it if you can't handle its verbose messages. ++"server" is the default and contains rules for many different daemons. ++"workstation" is for sheltered machines and filters most of the messages. ++The ignore rules work in additive manner. "paranoid" rules are also ++included at level "server" and "workstation". ++.PP ++The messages reported are sorted into three layers, system events, ++security events and attack alerts. The verbosity of system events is ++controlled by which level you choose, paranoid, server or workstation. ++However, security events and attack alerts are not affected by this. ++.SH "EXAMPLES" ++.PP ++\fBlogcheck\fR can be invoked directly thanks ++to su(8) or sudo(8), which change the user ID. The following example checks the logfiles ++without updating the offset and outputs everything to STDOUT. 
++.PP ++sudo -u logcheck \fBlogcheck\fR -o -t ++.SH "OPTIONS" ++.PP ++A summary of options is included below. ++.TP ++\fB-c CFG \fR ++Overrule default configuration file. ++.TP ++\fB-d \fR ++Debug mode. ++.TP ++\fB-h \fR ++Show usage information. ++.TP ++\fB-H \fR ++Use this hostname string in the subject of logcheck mail. ++.TP ++\fB-l LOG \fR ++Run logfile through logcheck. ++.TP ++\fB-L CFG \fR ++Overrule default logfiles list. ++.TP ++\fB-m \fR ++Mail report to recipient. ++.TP ++\fB-o \fR ++STDOUT mode, not sending mail. ++.TP ++\fB-p \fR ++Set the report level to "paranoid". ++.TP ++\fB-r DIR \fR ++Overrule default rules directory. ++.TP ++\fB-R \fR ++Adds "Reboot:" to the email subject line. ++.TP ++\fB-s \fR ++Set the report level to "server". ++.TP ++\fB-S DIR \fR ++Overrule default state directory. ++.TP ++\fB-t \fR ++Testing mode does not update offset. ++.TP ++\fB-T \fR ++Do not remove the TMPDIR. ++.TP ++\fB-u \fR ++Enable syslog-summary. ++.TP ++\fB-v \fR ++Print current version. ++.TP ++\fB-w \fR ++Set the report level to "workstation". ++.SH "FILES" ++.PP ++%%ETCDIR%%/logcheck.conf is the main configuration file. ++.PP ++%%ETCDIR%%/logcheck.logfiles is the list of files to monitor. ++.PP ++%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules. ++.SH "EXIT STATUS" ++.PP ++0 upon success; 1 upon failure ++.SH "SEE ALSO" ++.PP ++\fBlogtail\fR(8) ++.SH "AUTHOR" ++.PP ++logcheck is developed by Debian logcheck Team at alioth: ++http://alioth.debian.org/projects/logcheck/. ++.PP ++This manual page was written by Jon Middleton. |
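Review bot: In the OPTIONS section, `-H` and `-m` are listed without an argument placeholder, although their descriptions ("Use this hostname string in the subject of logcheck mail", "Mail report to recipient") read as if each takes a value. The other value-taking entries show one (`-c CFG`, `-l LOG`, `-r DIR`, `-S DIR`), so a reader cannot tell from the page how to pass the hostname or the recipient. Suggest adding a placeholder to both entries in the same style. Two smaller points in DESCRIPTION: "supports three level of filtering" should read "three levels", and the sentence '"paranoid" rules are also included at level "server" and "workstation"' would be clearer if it said outright that each less strict level applies its own ignore rules on top of the stricter levels' rules, since that determines which messages are filtered out of the report at each level. The `.TH` line also carries a fixed date ("15 December 2009") from the docbook2man run; worth confirming that is intended for a file that otherwise uses `%%ETCDIR%%` and `%%DOCSDIR%%` substitutions.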