[Logcheck-users] ignore-rules being ignored?
Kilian
kil at gnu.ch
Wed Sep 20 15:14:18 UTC 2006
Hello All,
I am using logcheck 1.2.39 on Debian and am experiencing that the
following in /etc/logcheck/ignore.d.server/ssh is being ignored:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted
(gssapi|rsa|dsa|password|publickey|keyboard-interactive/pam) for
[^[:space:]]+ from [^[:space:]]+ port [0-9]+ (ssh|ssh2)$
When I test the rule with egrep on /var/log/auth, the lines show up, so
the line should be correct. However, all SSH logins are reported as
Security Events nevertheless... What could this be? I'd be thankful for
any hint!
Greetz,
Kilian
More information about the Logcheck-users
mailing list