[Logcheck-commits] Frédéric Brière: i.d.s/ssh: ignore "Too many authentication failures"
Frédéric Brière
fbriere-guest at alioth.debian.org
Mon Jan 16 16:14:54 UTC 2012
Module: logcheck
Branch: master
Commit: 9862e1b8d795d09b22f35fd9729079eaa6188f2f
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=9862e1b8d795d09b22f35fd9729079eaa6188f2f
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Jan 15 20:09:14 2012 -0500
i.d.s/ssh: ignore "Too many authentication failures"
---
debian/changelog | 1 +
rulefiles/linux/ignore.d.server/ssh | 1 +
2 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 768a7b8..3f88990 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ logcheck (1.3.15) UNRELEASED; urgency=low
[ Frédéric Brière ]
* ignore.d.server/ssh:
- ignore "PAM $n more authentication failures"
+ - ignore "Too many authentication failures"
- ignore "Closed due to user request." (closes: #647943)
- ignore "Bye Bye"
- ignore "Connection closed"
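Review bot: The added changelog entry `- ignore "Too many authentication failures"` does not say which form of the message is covered, while the rule added in rulefiles/linux/ignore.d.server/ssh only matches the "Disconnecting: ... [preauth]" line. Consider wording the entry to name that form, for example `- ignore "Disconnecting: Too many authentication failures ... [preauth]"`, so a reader of the changelog knows what will stop appearing in reports.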
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 8d80d27..830402a 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -5,6 +5,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from ([:[:xdigit:].]+|UNKNOWN)+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Bad packet length [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Corrupted MAC on input\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for [^[:space:]]* \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (i(llegal|nvalid) user )?[^[:space:]]* from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [^[:space:]]* \[preauth\]$
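Review bot: The added rule ends in a mandatory ` \[preauth\]$`, so a "Disconnecting: Too many authentication failures for ..." line logged without that suffix will not match and will still be reported. If that is not intended, make the suffix optional with `( \[preauth\])?$`. Note also that the "Failed ..." rule just below accepts an optional `(i(llegal|nvalid) user )?` prefix before the user name, whereas the new rule's `[^[:space:]]*` accepts only a single token after "for"; if sshd can emit this message with such a prefix, the rule would need the same optional group.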