[Logcheck-commits] r1484 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Tue Jan 30 16:11:44 CET 2007


Author: madduck
Date: 2007-01-30 16:11:43 +0100 (Tue, 30 Jan 2007)
New Revision: 1484

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* violations.ignore.d/logcheck-ssh: ignore more PAM authentication failure
  messages.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2007-01-30 15:09:41 UTC (rev 1483)
+++ logcheck/trunk/debian/changelog	2007-01-30 15:11:43 UTC (rev 1484)
@@ -31,6 +31,8 @@
     characters in the usernames.
   * ignore.d.server/ssh: ignore messages related to Allow/DenyUsers
     (closes: #407009).
+  * violations.ignore.d/logcheck-ssh: ignore more PAM authentication failure
+    messages.
 
   * ignore.d.server/courier, violations.ignore.d/loghceck-courier: ignore
     SSL/TLS connection errors for all components.
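Review bot: the added changelog entry ("ignore more PAM authentication failure messages") does not say which message is now ignored or for which users. Since the rule it refers to matches "error: PAM: Authentication failure for USER from HOST" for any username, the entry should name that message so that readers of the changelog can tell that failures for existing accounts are covered as well. While touching this block, the context line below the addition spells the rule file "loghceck-courier", which could be corrected in the same commit.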
@@ -53,7 +55,7 @@
 
   * Updated Czech debconf translation; thanks Miroslav Kure (closes: #407830).
 
- -- martin f. krafft <madduck at debian.org>  Tue, 30 Jan 2007 15:08:56 +0000
+ -- martin f. krafft <madduck at debian.org>  Tue, 30 Jan 2007 15:11:08 +0000
 
 logcheck (1.2.53) unstable; urgency=low
 

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2007-01-30 15:09:41 UTC (rev 1483)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2007-01-30 15:11:43 UTC (rev 1484)
@@ -5,6 +5,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection (timed out|reset by peer)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
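Review bot: the added "error: PAM: Authentication failure for [^[:space:]]+ from ..." rule is not restricted to unknown accounts, unlike the rules directly around it: the "User not known to the underlying authentication module" line above and the "Failed (keyboard-interactive/pam|password|none)" line below both require "i(llegal|nvalid) user". Because this file lives in violations.ignore.d, the new pattern removes the PAM failure line from the violations report for valid accounts too, root included. Please either state in the changelog (or a comment next to the rule) that this is intended and which remaining sshd line still reports failed logins for existing users, or narrow the username part so that failures against real accounts keep being reported. A smaller point on the same line: the host alternation ends in "[-_.[:alnum:]]+", which already matches "UNKNOWN" and IPv4 addresses, so the pattern is looser than the three explicit alternatives suggest.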



