[Logcheck-commits] r1175 - in logcheck/trunk: debian rulefiles/linux/ignore.d.paranoid rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Sun Jul 16 19:39:13 UTC 2006 

Author: madduck
Date: 2006-07-16 19:39:07 +0000 (Sun, 16 Jul 2006)
New Revision: 1175

Added:
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd
Removed:
   logcheck/trunk/rulefiles/linux/ignore.d.paranoid/proftpd
Modified:
   logcheck/trunk/debian/changelog
Log:
* violations.ignore.d/logcheck-proftpd: ignoring extra PAM messages for
  failed logins.
* violations.ignore.d/logcheck-proftpd: ignoring denied and failed logins
  due to limit specification.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-07-16 13:15:59 UTC (rev 1174)
+++ logcheck/trunk/debian/changelog	2006-07-16 19:39:07 UTC (rev 1175)
@@ -16,6 +16,10 @@
     a 'none' method.
   * ignore.d.server/postfix: improved filters for postfix 2.3 lmtp
     connections.
+  * violations.ignore.d/logcheck-proftpd: ignoring extra PAM messages for
+    failed logins.
+  * violations.ignore.d/logcheck-proftpd: ignoring denied and failed logins
+    due to limit specification.
   * ignore.d.server/kernel: ignore interface link status changes. If they are
     important, we would not be able to get mail about them anyway.
   * ignore.d.workstation/kernel: ignore messages about unknown keys pressed.
@@ -28,7 +32,7 @@
     - German, thanks to maximilian attems!
     - Japanese, thanks to Hideki Yamane!
 
- -- martin f. krafft <madduck at debian.org>  Sun, 16 Jul 2006 15:15:26 +0200
+ -- martin f. krafft <madduck at debian.org>  Sun, 16 Jul 2006 21:37:58 +0200
 
 logcheck (1.2.46) unstable; urgency=low
 

Deleted: logcheck/trunk/rulefiles/linux/ignore.d.paranoid/proftpd
===================================================================

Added: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd	2006-07-16 13:15:59 UTC (rev 1174)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd	2006-07-16 19:39:07 UTC (rev 1175)
@@ -0,0 +1,4 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=[-_.[:alnum:]]+  user=[-_.[:alnum:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - PAM\([-_.[:alnum:]]+\): Authentication failure\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - Connection from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] denied\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-._[:alnum:]]+ \(Login failed\): Limit access denies login$

More information about the Logcheck-commits mailing list