[Logcheck-devel] Bug#312729: logcheck-database: reports successful ssh logins
Jamie L. Penman-Smithson
jamie at silverdream.org
Fri Jun 10 02:37:42 UTC 2005
package logcheck-database
tags 312729 pending
thanks
On Thu, 2005-06-09 at 22:30 +0100, Lee Maguire wrote:
> Everytime a sucessful ssh login occurs a line such as the following is
> sent:
<snip>
I've modified the rule in CVS, it now matches the messages you supplied:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi|rsa|
dsa|password|publickey|keyboard-interactive/pam) for [^[:space:]]+ from
[^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
Thanks for your bug report,
-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050610/65ea716e/attachment.pgp
More information about the Logcheck-devel
mailing list