[Logcheck-devel] Bug#312729: logcheck-database: reports successful ssh logins

Jamie L. Penman-Smithson jamie at silverdream.org
Fri Jun 10 02:37:42 UTC 2005


package logcheck-database
tags 312729 pending
thanks

On Thu, 2005-06-09 at 22:30 +0100, Lee Maguire wrote:
> Everytime a sucessful ssh login occurs a line such as the following is
> sent:
<snip>

I've modified the rule in CVS, it now matches the messages you supplied:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi|rsa|
dsa|password|publickey|keyboard-interactive/pam) for [^[:space:]]+ from
[^[:space:]]+ port [0-9]+( (ssh|ssh2))?$

Thanks for your bug report,

-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050610/65ea716e/attachment.pgp 


More information about the Logcheck-devel mailing list