Bug#266432: [Logcheck-devel] Bug#266432: logcheck: missing ignore pattern for pam_winbind

Wed Aug 25 17:12:48 UTC 2004

tags #266432 pending
thanks

On Tue, 17 Aug 2004, Sam Snow wrote:

> Package: logcheck
> Version: 1.2.24
> Severity: wishlist
> 
> pam_winbind, part of the Winbind package which works with Samba
> generates various messages to auth.log. The most common of these
> messages is not ignored by logcheck, but probably should be. 
> 
> Example: 
> Aug 17 14:49:51 wardrobe pam_winbind[31161]: user 'joeuser' granted
> acces
> 
> 
> Other messages are also generated, but should probably *not* be ignored
> (?):
> 
> Aug  7 07:35:09 wardrobe pam_winbind[19822]: request failed: Wrong
> Password, PAM
> error was 7, NT error was NT_STATUS_WRONG_PASSWORD
> 
> 
> Aug  7 07:35:46 wardrobe pam_winbind[19829]: request failed: Account
> locked out, PAM
> error was 11, NT error was NT_STATUS_ACCOUNT_LOCKED_OUT
> 
> 
> Aug  9 20:51:38 wardrobe pam_winbind[24950]: request failed: Password 
> expired, PAM error was 27, NT error was NT_STATUS_PASSWORD_EXPIRED
> 
> 
> Aug 13 15:14:36 wardrobe pam_winbind[1108]: request failed: Must change
> password,
> PAM error was 12, NT error was NT_STATUS_PASSWORD_MUST_CHANGE
> 
> etc. 
> 
> Thank you for your help!
> Sam

added in logcheck cvs for workstation level.
thanks for your bug-report, you may want to test attached
local-winbind in ignore.d.server or ignore.d.workstation 
on your machine and report back.

--
maks

-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: user '[_[:alnum:]-]+' granted acces$