[Logcheck-commits] Hannes von Haugwitz: i.d.s/ssh: ignore "disconnected by user" message ( closes: #567317)

Thu Feb 25 19:20:25 UTC 2010

Module: logcheck
Branch: lenny-backports
Commit: c11d0f36c14c779434c6517cc6c86e6525fa9318
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=c11d0f36c14c779434c6517cc6c86e6525fa9318

Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Thu Jan 28 17:29:00 2010 +0100

i.d.s/ssh: ignore "disconnected by user" message (closes: #567317)

---

 debian/changelog                    |    2 ++
 rulefiles/linux/ignore.d.server/ssh |    1 +
 2 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 76178e7..5985304 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 logcheck (1.3.7) UNRELEASED; urgency=low
 
   [ Hannes von Haugwitz ]
+  * ignore.d.server/ssh:
+    - added rule for "disconnected by user" message (closes: #567317)
   * ignore.d.workstation/ifplugd:
     - added rule for "client: OK" message
 
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index fccf08c..849f9fd 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -11,6 +11,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: disconnected by user$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$


