[Logcheck-commits] r1175 - in logcheck/trunk: debian
rulefiles/linux/ignore.d.paranoid
rulefiles/linux/violations.ignore.d
madduck at users.alioth.debian.org
madduck at users.alioth.debian.org
Sun Jul 16 19:39:13 UTC 2006
Author: madduck
Date: 2006-07-16 19:39:07 +0000 (Sun, 16 Jul 2006)
New Revision: 1175
Added:
logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd
Removed:
logcheck/trunk/rulefiles/linux/ignore.d.paranoid/proftpd
Modified:
logcheck/trunk/debian/changelog
Log:
* violations.ignore.d/logcheck-proftpd: ignoring extra PAM messages for
failed logins.
* violations.ignore.d/logcheck-proftpd: ignoring denied and failed logins
due to limit specification.
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2006-07-16 13:15:59 UTC (rev 1174)
+++ logcheck/trunk/debian/changelog 2006-07-16 19:39:07 UTC (rev 1175)
@@ -16,6 +16,10 @@
a 'none' method.
* ignore.d.server/postfix: improved filters for postfix 2.3 lmtp
connections.
+ * violations.ignore.d/logcheck-proftpd: ignoring extra PAM messages for
+ failed logins.
+ * violations.ignore.d/logcheck-proftpd: ignoring denied and failed logins
+ due to limit specification.
* ignore.d.server/kernel: ignore interface link status changes. If they are
important, we would not be able to get mail about them anyway.
* ignore.d.workstation/kernel: ignore messages about unknown keys pressed.
@@ -28,7 +32,7 @@
- German, thanks to maximilian attems!
- Japanese, thanks to Hideki Yamane!
- -- martin f. krafft <madduck at debian.org> Sun, 16 Jul 2006 15:15:26 +0200
+ -- martin f. krafft <madduck at debian.org> Sun, 16 Jul 2006 21:37:58 +0200
logcheck (1.2.46) unstable; urgency=low
Deleted: logcheck/trunk/rulefiles/linux/ignore.d.paranoid/proftpd
===================================================================
Added: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd 2006-07-16 13:15:59 UTC (rev 1174)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd 2006-07-16 19:39:07 UTC (rev 1175)
@@ -0,0 +1,4 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=[-_.[:alnum:]]+ user=[-_.[:alnum:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - PAM\([-_.[:alnum:]]+\): Authentication failure\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - Connection from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] denied\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-._[:alnum:]]+ \(Login failed\): Limit access denies login$
More information about the Logcheck-commits
mailing list