Bug#346502: [Logcheck-devel] Bug#346502: logcheck-database: new output from su (login)

Jamie L. Penman-Smithson jamie at silverdream.org
Sat Feb 4 18:20:07 UTC 2006


tags 346502 pending
thanks

On 8 Jan 2006, at 14:20, Lee Maguire wrote:
> An upgrade of the login package to 1:4.0.14 causes the following to be
> sent every morning when cron.daily runs.
>
>    Jan  8 06:25:03 enzo su[7896]: Successful su for nobody by root
>    Jan  8 06:25:04 enzo su[7899]: Successful su for nobody by root
>    Jan  8 06:25:05 enzo su[7901]: Successful su for nobody by root

I've added the following rule, which will be included in the next  
release:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$

Thanks for your bug report,

-- 
-Jamie L. Penman-Smithson <jamie at silverdream.org>
  t: +44 1273 424795; f: +44 1273 424795
  PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
  never send mail to: oubliette.z at gmail.com
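
Added example (not part of the original message and not logcheck's own code): the rule above, joined onto one line, run with grep -E over the three reported lines plus two constructed lines to show what it suppresses and what would still be reported. It assumes GNU grep (for \w) and that a single ignore rule is applied the way an egrep-based filter would apply it; the function names are hypothetical.

```shell
#!/bin/sh
# Ignore rule quoted in the message above, as a single line.
# Assumption: GNU grep, which accepts \w inside an extended regex.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$'

# Print the lines the rule does NOT match, i.e. what would still be reported.
still_reported() {
    grep -Ev -- "$RULE" || true
}

# Count the lines the rule suppresses.
suppressed_count() {
    grep -Ec -- "$RULE" || true
}

# Sample input: the first three lines are from the bug report (without the
# quoting indent); the last two are constructed for this example.
sample_log() {
    cat <<'EOF'
Jan  8 06:25:03 enzo su[7896]: Successful su for nobody by root
Jan  8 06:25:04 enzo su[7899]: Successful su for nobody by root
Jan  8 06:25:05 enzo su[7901]: Successful su for nobody by root
Jan  8 09:12:44 enzo su[8123]: FAILED su for root by alice
Jan  8 09:13:10 enzo su[8130]: Successful su for www_data by root
EOF
}

echo "suppressed: $(sample_log | suppressed_count)"
echo "still reported:"
sample_log | still_reported
```

The constructed failure line is not covered by the rule, and neither is a user name containing an underscore, since the character class is [[:alnum:]-].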

