[Logcheck-devel] Bug#443178: logcheck: rsync update

[Justin Pryzby]

Package: logcheck-database
Version: 1.2.61
Severity: wishlist

Hello, I'm not sure how I managed to not submit this with my previous
rsync bug.  Current rsync (2.6.9) has the following:

Sep 18 18:30:02 shemp rsync[8587]: connect from localhost (127.0.0.1)
Sep 18 18:30:02 shemp rsyncd[8587]: connect from localhost (127.0.0.1)
Sep 18 18:30:02 shemp rsyncd[8587]: rsync to PATHNAME from USERNAME at localhost (127.0.0.1)

So the following differences remain between debian's logcheck rules
for rsync and my own.

1,2c1,2
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsync(d?)\[[0-9]+\]: connect from [^[:space:]]+ \([0-9.]{7,15}\)$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: rsync (to|on) [[:alnum:]/._-]+ from [@._[:alnum:]-]+ \([0-9.]{7,15}\)$
---
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsync\[[0-9]+\]: connect from [0-9.]{7,15} \([0-9.]{7,15}\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: rsync on [[:alnum:]/._-]+ from [._[:alnum:]-]+ \([0-9.]{7,15}\)$