On Sun, Jun 12, 2011 at 4:59 PM, R P Herrold herrold@owlriver.com wrote:
This was covered by me in a blog post some time ago, as to my approach: http://orcorc.blogspot.com/2010/06/reading-logs-part-3-run-your-updates.html
The rationale for having a redirect (offsite, back to the proper's localhost) is to quell noise from the probing, that would otherwise land in Logwatch reports
I'm glad I asked, that's a nice technique.
Also, the same probing scripts seem to wash around and after a while, one has most of them identified, and in the redirect file
To get folks started, I've pushed my local packaging of rules 'outside' under a GPLv3+ license in SRPM form at: ftp://ftp.owlriver.com/pub/mirror/ORC/deepsix/
Thanks for the rpm.
Cheers,
Mike