[Logcheck-devel] Bug#286307: Updated logcheck webmin rules

[Jamie L. Penman-Smithson]

tag 286307 pending
thanks!

On Tue, 2005-02-01 at 17:43 +0200, Ognyan Kulev wrote:
> A grep result of auth.log is attached.
> 
> There is one more possible message, but I think it's not for logcheck:
> 
> Dec 22 22:57:24 dwyn webmin[18988]: Invalid login as ogi from 
> localhost.localdomain

I think you'd want to know about invalid login attempts..

Based on the log messages you've given (thanks!) I've created the
following rules, which have been tested against the log lines you gave
me and applied to CVS:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Successful login as
[[:alnum:]]+ from [._[:alnum:]-]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Logout by
[[:alnum:]]+ from [._[:alnum:]-]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Timeout of
[[:alnum:]]+ $

Thanks for your help!

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
 w: http://www.silverdream.org | p: sms at silverdream.org
 pgp key @ http://silverdream.org/~jps/pub.key
 21:30:02 up 17 min,  2 users,  load average: 2.65, 2.52, 1.58

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050201/6023872b/attachment.pgp