[Logcheck-commits] r1491 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Mon Feb 5 09:32:30 CET 2007 

Author: madduck
Date: 2007-02-05 09:32:29 +0100 (Mon, 05 Feb 2007)
New Revision: 1491

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-saslauthd
Log:
* violations.ignore.d/logcheck-saslauthd: ignore PAM warnings on
  authentication failures.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2007-02-05 08:29:33 UTC (rev 1490)
+++ logcheck/trunk/debian/changelog	2007-02-05 08:32:29 UTC (rev 1491)
@@ -3,8 +3,11 @@
   * violations.ignore.d/logcheck-passwd: ignore PAM warnings on authentication
     failures.
 
- -- martin f. krafft <madduck at debian.org>  Mon,  5 Feb 2007 08:29:03 +0000
+  * violations.ignore.d/logcheck-saslauthd: ignore PAM warnings on
+    authentication failures.
 
+ -- martin f. krafft <madduck at debian.org>  Mon,  5 Feb 2007 08:31:50 +0000
+
 logcheck (1.2.54) unstable; urgency=low
 
   * ignore.d.server/dovecot: also ignore local logins, which are "secured",

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-saslauthd
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-saslauthd	2007-02-05 08:29:33 UTC (rev 1490)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-saslauthd	2007-02-05 08:32:29 UTC (rev 1491)
@@ -1,2 +1,4 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= [[:space:]]*user=[-._[:alnum:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_auth[[:space:]]*: auth failure: \[user=[._[:alnum:]-]+\] \[service=smtp\] \[realm=[._[:alnum:]-]+\] \[mech=pam\] \[reason=PAM auth error\]$

More information about the Logcheck-commits mailing list