[Logcheck-devel] Bug#500017: ignore.d.server/ssh: outdated 'reverse mapping checking ... failed' rule

Dmitry Semyonov linulin at gmail.com
Wed Sep 24 11:26:00 UTC 2008


Package: logcheck-database
Version: 1.2.68
Severity: minor


openssh-server version 1:5.1p1-2

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$

should look like

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ \[[.[:alnum:]:]+\] failed - POSSIBLE BREAK-?IN ATTEMPT!$

that is, the IP address in square brackets is included after the hostname. (I'm not sure about IPv6 addresses, though.)


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- debconf information:
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false
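
The two rules from the report, checked with `grep -E` (logcheck rules are extended regular expressions) against sample sshd lines. This is an added example, not part of the original report or of logcheck; the log lines are constructed with documentation-range hostnames and addresses, and the IPv6 line shows that the bracketed character class in the proposed rule also accepts a colon-separated address.

```shell
#!/bin/sh
# Both rules are copied verbatim from the report above.
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$'
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ \[[.[:alnum:]:]+\] failed - POSSIBLE BREAK-?IN ATTEMPT!$'

# Constructed sample lines (not taken from a real log).
# Format without the bracketed address, as the existing rule expects:
LINE_OLD_FMT='Sep 24 11:20:01 myhost sshd[1234]: reverse mapping checking getaddrinfo for host.example.net failed - POSSIBLE BREAK-IN ATTEMPT!'
# Format with the address in square brackets after the hostname:
LINE_V4='Sep 24 11:20:01 myhost sshd[1234]: reverse mapping checking getaddrinfo for host.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!'
LINE_V6='Sep 24 11:20:01 myhost sshd[1234]: reverse mapping checking getaddrinfo for host.example.net [2001:db8::1] failed - POSSIBLE BREAK-IN ATTEMPT!'

# rule_matches RULE LINE: exit status 0 when the ignore rule matches the line.
rule_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# verdict RULE LINE: "ignored" when the rule filters the line out,
# "reported" when the line would still show up in the logcheck mail.
verdict() {
    if rule_matches "$1" "$2"; then echo ignored; else echo reported; fi
}

# Print one row per sample line, showing only the part after "for ".
for line in "$LINE_OLD_FMT" "$LINE_V4" "$LINE_V6"; do
    printf 'old rule: %-8s  new rule: %-8s  %s\n' \
        "$(verdict "$OLD_RULE" "$line")" \
        "$(verdict "$NEW_RULE" "$line")" \
        "${line#*for }"
done
```

The proposed rule no longer matches the format without the bracketed address, so a host whose sshd still logs that format needs both rules.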





