[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.paranoid
CVS User madduck
logcheck-devel at lists.alioth.debian.org
Sat Jul 8 09:31:08 UTC 2006
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid
In directory haydn:/tmp/cvs-serv17931/rulefiles/linux/ignore.d.paranoid
Modified Files:
ssh
Log Message:
* jgnore.d.server/ssh, violations.ignore.d/logcheck-ssh: extended the regexp
matching usernames to anything non-whitespace in filters about nonexistent
users -- today someone tried to log in as '!@#$%^&*()_+' here!
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid/ssh 2005/11/07 14:41:06 1.3
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid/ssh 2006/07/08 09:31:08 1.4
@@ -1,2 +1,2 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [^[:space:]]+$
More information about the Logcheck-commits
mailing list