[Logcheck-commits] r1418 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Thu Jan 4 18:40:58 CET 2007


Author: madduck
Date: 2007-01-04 18:40:58 +0100 (Thu, 04 Jan 2007)
New Revision: 1418

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* violations.ignore.d/logcheck-ssh: ignore ssh_msg_recv messages which are
  escalated to violations.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2007-01-04 17:39:19 UTC (rev 1417)
+++ logcheck/trunk/debian/changelog	2007-01-04 17:40:58 UTC (rev 1418)
@@ -2,8 +2,10 @@
 
   * violations.ignore.d/logcheck-postfix: ignore entries for messages
     bounced/deferred by the LDA.
+  * violations.ignore.d/logcheck-ssh: ignore ssh_msg_recv messages which are
+    escalated to violations.
 
- -- martin f. krafft <madduck at debian.org>  Thu,  4 Jan 2007 18:37:57 +0100
+ -- martin f. krafft <madduck at debian.org>  Thu,  4 Jan 2007 18:40:28 +0100
 
 logcheck (1.2.52) unstable; urgency=low
 
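Review bot: the added changelog entry describes the change as ignoring "ssh_msg_recv messages", which is broader than what the rule in this commit matches: a single anchored line, "fatal: recv_rexec_state: ssh_msg_recv failed". Quote that exact message in the entry so that someone reading the changelog can tell which sshd output is no longer reported as a violation without opening the rulefile.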

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2007-01-04 17:39:19 UTC (rev 1417)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2007-01-04 17:40:58 UTC (rev 1418)
@@ -8,3 +8,4 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$
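Review bot: the added rule writes the timestamp and PID fields as `[ :0-9]{11}` and `sshd\[[0-9]+\]`, while the three context rules directly above it use `[ :[:digit:]]{11}` and `sshd\[[[:digit:]]+\]`. Switch to the `[:digit:]` form so the file keeps one convention for the common prefix. Separately, the line being dropped from violations is a `fatal:` message from sshd, and neither the rule nor the log message says what produces it or why it is safe to ignore at this level; a short rationale in the changelog entry would help anyone auditing this rulefile later.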



