[Logcheck-devel] Bug#286307: Updated logcheck webmin rules
Jamie L. Penman-Smithson
jamie at silverdream.org
Tue Feb 1 17:41:52 UTC 2005
tag 286307 pending
thanks!
On Tue, 2005-02-01 at 17:43 +0200, Ognyan Kulev wrote:
> A grep result of auth.log is attached.
>
> There is one more possible message, but I think it's not for logcheck:
>
> Dec 22 22:57:24 dwyn webmin[18988]: Invalid login as ogi from
> localhost.localdomain
I think you'd want to know about invalid login attempts..
Based on the log messages you've given (thanks!) I've created the
following rules, which have been tested against the log lines you gave
me and applied to CVS:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Successful login as [[:alnum:]]+ from [._[:alnum:]-]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Logout by [[:alnum:]]+ from [._[:alnum:]-]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Timeout of [[:alnum:]]+ $
Thanks for your help!
--
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
w: http://www.silverdream.org | p: sms at silverdream.org
pgp key @ http://silverdream.org/~jps/pub.key
21:30:02 up 17 min, 2 users, load average: 2.65, 2.52, 1.58
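
Added example, not part of the original message or of logcheck's own code: the three ignore rules from the message applied with grep -E -v to constructed log lines, printing the lines that would still be reported. The sample lines (including the user name web-admin), the trailing space on them and the function names are assumptions made for illustration; the Invalid login line is modelled on the one quoted in the message.

```sh
#!/bin/sh
# Added example: which constructed webmin lines survive the three ignore rules.

# The rules from the message, one per line. Each ends in " $" (space, then EOL).
rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Successful login as [[:alnum:]]+ from [._[:alnum:]-]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Logout by [[:alnum:]]+ from [._[:alnum:]-]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Timeout of [[:alnum:]]+ $
EOF
}

# Constructed sample input; printf makes the trailing space explicit.
sample() {
    # These five lines end in a single space, as the rules require.
    printf '%s \n' \
        'Dec 22 22:50:01 dwyn webmin[18901]: Successful login as ogi from localhost.localdomain' \
        'Dec 22 22:55:10 dwyn webmin[18950]: Logout by ogi from localhost.localdomain' \
        'Dec 22 22:56:00 dwyn webmin[18960]: Timeout of ogi' \
        'Dec 22 22:57:24 dwyn webmin[18988]: Invalid login as ogi from localhost.localdomain' \
        'Dec 22 22:58:00 dwyn webmin[18989]: Successful login as web-admin from localhost.localdomain'
    # The same kind of successful login, but without the trailing space.
    printf '%s\n' \
        'Dec 22 22:58:30 dwyn webmin[18990]: Successful login as ogi from localhost.localdomain'
}

# report: read log lines on stdin, print those that no rule matches.
report() {
    rulefile=$(mktemp) || return 1
    rules > "$rulefile"
    status=0
    grep -E -v -f "$rulefile" || status=$?
    rm -f "$rulefile"
    # grep exits 1 when every line was ignored; only >1 is a real error.
    [ "$status" -le 1 ]
}

sample | report
```

Three lines come through: the invalid login, the login for a user name containing a character outside [[:alnum:]], and the login line that lacks the trailing space the rules anchor on.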