Context Navigation

Changeset 581

Timestamp:

Sep 8, 2024, 1:10:09 PM (3 months ago)

Author:

katerina

Message:

Fix for ticket #469 (regression in log monitoring code).

Location:

trunk

Files:

r580	r581
12	12	dnl start
13	13	dnl
14		AM_INIT_AUTOMAKE(samhain, 4.5.0)
	14	AM_INIT_AUTOMAKE(samhain, 4.5.1)
15	15	AC_DEFINE([SAMHAIN], 1, [Application is samhain])
16	16	AC_CANONICAL_HOST

r580	r581
	1	4.5.1 (08-09-2024):
	2	* fix for regression in SHELL option for log file monitoring
	3	(issue reported by ssha)
	4
1	5	4.5.0 (31-10-2023):
2	6	* fix for reading file attributes on Linux file systems

r541	r581
852	852	entry = SH_ALLOC(sizeof(struct task_entry));
853	853
854		status = sh_ext_popen_init (&(entry->task), logfile->filename, ~~logfile->filename~~, NULL);
	854	status = sh_ext_popen_init (&(entry->task), logfile->filename, NULL, NULL);
855	855	if (0 == status)
856	856	{

-              r19
+              r581
 # dir=1/home/rainer
 #[SuidCheck]
+#SuidCheckActive=T
+[SuidCheck]
+SuidCheckActive=false
 #SuidCheckExclude=/home
+[ProcessCheck]
+#
+# Activate (default is on)
+#
+ProcessCheckActive = no
+[PortCheck]
+#
+# Activate (default is on)
+#
+PortCheckActive = no
+[Logmon]
+#
+# Switch on the module
+#
+LogmonActive = yes
+# Check every second
+#
+LogmonInterval = 1
+# Strip PIDs from syslog messages
+#
+Logmonhidepid = true
+# Define a queue with severity 'crit'.
+# This is a 'report' queue, hence 'interval' (10)
+# will be ignored.
+#
+LogmonQueue = q1:10:report:crit
+# Monitor disks to check for full /dev/sda1
+#
+LogmonWatch = SHELL:df -h
+# Warn about disk /dev/sda1 nearly full (80% or more. Use a
+# non-capturing subexpression [the (?:8|9)] for the percentage full.
+#
+LogmonRule = q1:/dev/nvme1n1p4\s+[0-9GM.]+\s+[0-9GM.]+\s+[0-9GM.]+\s+(?:8|9).%.*
+LogmonDeadtime = 120
+LogmonRule = trash:.*
 [EventSeverity]

Note: See TracChangeset for help on using the changeset viewer.