[Logcheck-commits] [SCM] logcheck source and rules branch, master, updated. debian/1.3.14-13-gd7e9a7b
Frédéric Brière
fbriere at fbriere.net
Mon Jan 16 16:15:00 UTC 2012
The following commit has been merged in the master branch:
commit f8b03895b728c0b99ccc6c611b1d258eea158dbb
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Jan 15 19:45:58 2012 -0500
i.d.s/ssh: ignore "Bye Bye"
diff --git a/debian/changelog b/debian/changelog
index 69d4cb9..b514e04 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ logcheck (1.3.15) UNRELEASED; urgency=low
* ignore.d.server/ssh:
- ignore "PAM $n more authentication failures"
- ignore "Closed due to user request." (closes: #647943)
+ - ignore "Bye Bye"
-- Hannes von Haugwitz <hannes at vonhaugwitz.com> Fri, 16 Dec 2011 08:06:47 +0100
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 5df801f..9b8b7c1 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -12,6 +12,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$
--
logcheck source and rules
More information about the Logcheck-commits
mailing list