12
12
There are three layers of sets of filtering rules, all of which are
13
13
normal egrep pattern-matches, applied in turn.
18
18
Patterns raising the alarm go in "/etc/logcheck/cracking.d"; any
19
19
event that matches one of these patterns turns the report
21
21
event moved to a special section. The cracking.d standard
22
22
keywords file is seeded with known symptoms of hostile
23
23
activity (see logcheck's README.keywords file).