logcheck.hacking -- Keywords that are known attacks on your system. Keywords that match words in this file are marked as “ACTIVE SYSTEM ATTACK”.
logcheck.ignore -- Keywords to ignore and not report as unusual system activity.
logcheck.violations -- Keywords that are usually seen as negative, such as “denied” and “refused” but which may be routine to a working system.
logcheck.violations.ignore -- Keywords that may be logged as a violation, but that are common and may be ignored, i.e., sendmail connection refused.