--- docs/logcheck.8.orig 2009-12-15 15:03:22.000000000 -0500 +++ docs/logcheck.8 2009-12-15 15:03:41.000000000 -0500 
@@ -0,0 +1,115 @@ +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "Logcheck" "8" "15 December 2009" "" "" + +.SH NAME +logcheck \- program to scan system logs for interesting lines +.SH SYNOPSIS + +\fBlogcheck\fR [ \fBOPTIONS\fR ] + +.SH "DESCRIPTION" +.PP +The \fBlogcheck\fR program helps spot problems and +security violations in your logfiles automatically and will send the +results to you periodically in an e-mail. By default logcheck runs as +an hourly cronjob just off the hour and after every reboot. +.PP +\fBlogcheck\fR supports three level of filtering: +"paranoid" is for high-security machines running as few services +as possible. Don't use it if you can't handle its verbose messages. +"server" is the default and contains rules for many different daemons. +"workstation" is for sheltered machines and filters most of the messages. +The ignore rules work in additive manner. "paranoid" rules are also +included at level "server" and "workstation". +.PP +The messages reported are sorted into three layers, system events, +security events and attack alerts. The verbosity of system events is +controlled by which level you choose, paranoid, server or workstation. +However, security events and attack alerts are not affected by this. +.SH "EXAMPLES" +.PP +\fBlogcheck\fR can be invoked directly thanks +to su(8) or sudo(8), which change the user ID. The following example checks the logfiles +without updating the offset and outputs everything to STDOUT. +.PP +sudo -u logcheck \fBlogcheck\fR -o -t +.SH "OPTIONS" +.PP +A summary of options is included below. +.TP +\fB-c CFG \fR +Overrule default configuration file. +.TP +\fB-d \fR +Debug mode. +.TP +\fB-h \fR +Show usage information. +.TP +\fB-H \fR +Use this hostname string in the subject of logcheck mail. 
+.TP +\fB-l LOG \fR +Run logfile through logcheck. +.TP +\fB-L CFG \fR +Overrule default logfiles list. +.TP +\fB-m \fR +Mail report to recipient. +.TP +\fB-o \fR +STDOUT mode, not sending mail. +.TP +\fB-p \fR +Set the report level to "paranoid". +.TP +\fB-r DIR \fR +Overrule default rules directory. +.TP +\fB-R \fR +Adds "Reboot:" to the email subject line. +.TP +\fB-s \fR +Set the report level to "server". +.TP +\fB-S DIR \fR +Overrule default state directory. +.TP +\fB-t \fR +Testing mode does not update offset. +.TP +\fB-T \fR +Do not remove the TMPDIR. +.TP +\fB-u \fR +Enable syslog-summary. +.TP +\fB-v \fR +Print current version. +.TP +\fB-w \fR +Set the report level to "workstation". +.SH "FILES" +.PP +%%ETCDIR%%/logcheck.conf is the main configuration file. +.PP +%%ETCDIR%%/logcheck.logfiles is the list of files to monitor. +.PP +%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules. +.SH "EXIT STATUS" +.PP +0 upon success; 1 upon failure +.SH "SEE ALSO" +.PP +\fBlogtail\fR(8) +.SH "AUTHOR" +.PP +logcheck is developed by Debian logcheck Team at alioth: +http://alioth.debian.org/projects/logcheck/. +.PP +This manual page was written by Jon Middleton.
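Review bot: in the OPTIONS section the `-H` and `-m` entries are the only argument-taking options written without a placeholder, so the rendered page will not show that they expect a value even though their descriptions ("Use this hostname string", "Mail report to recipient") say they do; suggest following the convention used by the neighbouring entries (`\fB-c CFG \fR`, `\fB-l LOG \fR`, `\fB-r DIR \fR`) and writing them as `\fB-H HOST \fR` and `\fB-m MAIL \fR`, with the `-d`, `-o`, `-t` and similar flags staying bare. Two smaller points in the same hunk: the docbook2man header comment has "This tool can be found at:" and "Steve Cheng ." with nothing following them (URL and address empty as shown here), so either fill those in or drop the generated-header boilerplate before committing; and the DESCRIPTION text reads "three level of filtering" and "work in additive manner", which should be "three levels of filtering" and "work in an additive manner".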