[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server

CVS User maks-guest logcheck-devel@lists.alioth.debian.org
Mon, 17 May 2004 11:49:12 -0600


Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv29267/rulefiles/linux/ignore.d.server

Modified Files:
	logcheck ssh 
Log Message:

ignore successful logins for server level,
removed a too generic rule for sshd and enhanced the rule in the logcheck file.


--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/logcheck	2004/05/13 13:11:51	1.3
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/logcheck	2004/05/17 17:49:12	1.4
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [[:alnum:]]+\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=0\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [[:alnum:]]+\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by (root|LOGIN)?\(uid=0\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [[:alnum:]]+\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_[^[:space:]]+: [^[:space:]]+ session opened for user [[:alnum:]-]+ by \(uid=0\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_[^[:space:]]+: [^[:space:]]+ session closed for user [[:alnum:]-]+$
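
Review bot: The optional (root|LOGIN)? prefix is added only to the first rule, so the PAM_ "session opened" rule two lines below still requires a bare "by \(uid=0\)" and the two formats now accept different things. If the PAM_-style messages can also carry an invoking user name, that rule needs the same alternation; if they cannot, a comment saying so would explain the difference. Note also that the program field is [[:alnum:]]+ and the target user is [[:alnum:]-]+, so the widened rule ignores "session opened for user root by root(uid=0)" from any PAM-using service at server level, not only sshd. If root sessions should stay visible for some services, either exclude root from the user class here or keep this rule per service.
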
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh	2004/05/14 12:14:12	1.3
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh	2004/05/17 17:49:12	1.4
@@ -1,5 +1,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi|rsa|dsa|password|publickey|keyboard-interactive/pam) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+ (ssh|ssh2)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_unix\) session opened for user root by root\(uid=0\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Server listening on [.0-9]+ port 22\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$
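
Review bot: The removed sshd rule matched only "(pam_unix) session opened for user root by root(uid=0)", which is narrower than the generic rule in the logcheck file that now covers it (any program, any pam_ module, any user, by (root|LOGIN)?(uid=0)). The net effect of this commit is therefore that root session opens over ssh stay ignored and the filter gets broader, which does not match the "too generic" wording in the log message. Please record this cross-file dependency, for example with a comment in the ssh file pointing at the logcheck rule, so a later tightening of the generic rule does not silently change what is reported for sshd.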