From owner-freebsd-questions@FreeBSD.ORG Wed Jun 18 00:08:06 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 33272E3C for ; Wed, 18 Jun 2014 00:08:06 +0000 (UTC) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id 0975A2DF5 for ; Wed, 18 Jun 2014 00:08:05 +0000 (UTC) Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.41]) by be-well.ilk.org (Postfix) with ESMTP id 5A36833C1E; Tue, 17 Jun 2014 20:07:59 -0400 (EDT) Received: by lowell-desk.lan (Postfix, from userid 1147) id 32BDB39816; Tue, 17 Jun 2014 20:07:57 -0400 (EDT) From: Lowell Gilbert To: tyler@tysdomain.com Subject: Re: periodic: condensing mails References: <53A09B63.50805@tysdomain.com> Reply-To: "freebsd-questions\@freebsd.org" Date: Tue, 17 Jun 2014 20:07:56 -0400 In-Reply-To: <53A09B63.50805@tysdomain.com> (Tyler Littlefield's message of "Tue, 17 Jun 2014 15:47:47 -0400") Message-ID: <447g4ff5b7.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Cc: "freebsd-questions@freebsd.org" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jun 2014 00:08:06 -0000 "Littlefield, Tyler" writes: > I was reading this article: > http://deranfangvomende.wordpress.com/2014/05/11/freebsd-periodic-mails-v= s-monitoring/ > where it mentions this: > I found turning off certain things like the =93security mail=94 also > disables portaudit DB updates. But I just changed my portaudit call to > include the download. > Somehow I had assumed that *update* would be separate from *report*. > Is this still an issue? If so, how have people fixed it? I'm looking > at condensing this (I'm dumping all failed ssh logins into a > blacklist, so I don't need to know about them). I get a lot of > material and sometimes it's a ton to read through. I'm really not clear on what you're doing exactly.=20 Maybe what you're looking for is daily_status_security_inline rather than disabling specific checks?