[Logcheck-commits] r1418 - in logcheck/trunk: debian
rulefiles/linux/violations.ignore.d
madduck at users.alioth.debian.org
madduck at users.alioth.debian.org
Thu Jan 4 18:40:58 CET 2007
Author: madduck
Date: 2007-01-04 18:40:58 +0100 (Thu, 04 Jan 2007)
New Revision: 1418
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* violations.ignore.d/logcheck-ssh: ignore ssh_msg_recv messages which are
escalated to violations.
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2007-01-04 17:39:19 UTC (rev 1417)
+++ logcheck/trunk/debian/changelog 2007-01-04 17:40:58 UTC (rev 1418)
@@ -2,8 +2,10 @@
* violations.ignore.d/logcheck-postfix: ignore entries for messages
bounced/deferred by the LDA.
+ * violations.ignore.d/logcheck-ssh: ignore ssh_msg_recv messages which are
+ escalated to violations.
- -- martin f. krafft <madduck at debian.org> Thu, 4 Jan 2007 18:37:57 +0100
+ -- martin f. krafft <madduck at debian.org> Thu, 4 Jan 2007 18:40:28 +0100
logcheck (1.2.52) unstable; urgency=low
Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh 2007-01-04 17:39:19 UTC (rev 1417)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh 2007-01-04 17:40:58 UTC (rev 1418)
@@ -8,3 +8,4 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$
More information about the Logcheck-commits
mailing list