[Logcheck-commits] [SCM] logcheck source and rules branch, master, updated. debian/1.3.14-13-gd7e9a7b
Frédéric Brière
fbriere at fbriere.net
Mon Jan 16 16:15:00 UTC 2012
The following commit has been merged in the master branch:
commit d0b7f931d6f215945f79b738e2eecc7990612008
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Jan 15 19:53:21 2012 -0500
i.d.s/ssh: ignore "Connection closed"
diff --git a/debian/changelog b/debian/changelog
index b514e04..7f671c8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ logcheck (1.3.15) UNRELEASED; urgency=low
- ignore "PAM $n more authentication failures"
- ignore "Closed due to user request." (closes: #647943)
- ignore "Bye Bye"
+ - ignore "Connection closed"
-- Hannes von Haugwitz <hannes at vonhaugwitz.com> Fri, 16 Dec 2011 08:06:47 +0100
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 9b8b7c1..37743d9 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -15,6 +15,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [:.[:xdigit:]]+ \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$
--
logcheck source and rules
More information about the Logcheck-commits
mailing list