Bug#266432: [Logcheck-devel] Bug#266432: logcheck: missing ignore pattern for pam_winbind
maks attems
debian at sternwelten.at
Wed Aug 25 17:12:48 UTC 2004
tags #266432 pending
thanks
On Tue, 17 Aug 2004, Sam Snow wrote:
> Package: logcheck
> Version: 1.2.24
> Severity: wishlist
>
> pam_winbind, part of the Winbind package which works with Samba
> generates various messages to auth.log. The most common of these
> messages is not ignored by logcheck, but probably should be.
>
> Example:
> Aug 17 14:49:51 wardrobe pam_winbind[31161]: user 'joeuser' granted
> acces
>
>
> Other messages are also generated, but should probably *not* be ignored
> (?):
>
> Aug 7 07:35:09 wardrobe pam_winbind[19822]: request failed: Wrong
> Password, PAM
> error was 7, NT error was NT_STATUS_WRONG_PASSWORD
>
>
> Aug 7 07:35:46 wardrobe pam_winbind[19829]: request failed: Account
> locked out, PAM
> error was 11, NT error was NT_STATUS_ACCOUNT_LOCKED_OUT
>
>
> Aug 9 20:51:38 wardrobe pam_winbind[24950]: request failed: Password
> expired, PAM error was 27, NT error was NT_STATUS_PASSWORD_EXPIRED
>
>
> Aug 13 15:14:36 wardrobe pam_winbind[1108]: request failed: Must change
> password,
> PAM error was 12, NT error was NT_STATUS_PASSWORD_MUST_CHANGE
>
> etc.
>
> Thank you for your help!
> Sam
added in logcheck cvs for workstation level.
thanks for your bug-report, you may want to test attached
local-winbind in ignore.d.server or ignore.d.workstation
on your machine and report back.
--
maks
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: user '[_[:alnum:]-]+' granted acces$
More information about the Logcheck-devel
mailing list