[Logcheck-devel] Bug#459876: ignore.d.server/krb5kdc: new file & new rules

Thomas Mueller thomas at chaschperli.ch
Wed Jan 9 08:55:22 UTC 2008


Package: logcheck-database
Version: 1.2.54
Severity: wishlist


I'm using krb5-kdc (krb5kdc daemon name). I'd like to have my rules for this daemon added.

Sample syslog entries:
Jan  9 09:36:57 server krb5kdc[2705]: DISPATCH: repeated (retransmitted?) request from 192.168.1.14, resending previous response
Jan  9 09:36:57 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN
Jan  9 09:36:57 server krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for nfs/web.elefantag.local@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (3 etypes {18 17 16}) 192.168.1.14: NEEDED_PREAUTH: user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN, Additional pre-authentication required
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867818, etypes {rep=16 tkt=16 ses=16}, nfs/host.domain.name@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867818, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for HTTP/web.elefantag.local@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (1 etypes {13}) 192.168.1.14: NEEDED_PREAUTH: user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN, Additional pre-authentication required

New rules for new file ignore.d.server/krb5kdc:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: ISSUE: authtime [0-9]+, etypes {rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+}, [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: NEEDED_PREAUTH: [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+, Additional pre-authentication required
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: DISPATCH: repeated \(retransmitted\?\) request from [0-9\.]{7,16}, resending previous response$

- Thomas


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (100, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-3-amd64
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]        1.5.11etch1 Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information excluded
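
Added example, not part of the original report: a dry run of the three proposed rules with grep -E -v -f, showing which krb5kdc lines logcheck would still report once the rules are installed. The log lines, host name and principals are constructed samples, and the "anchored" mode (a trailing $ appended to the rules that lack one) is an assumption of this example, not something the report proposes.

```shell
#!/bin/sh
# Added example: dry-run the proposed krb5kdc ignore rules with grep -E,
# the regex dialect logcheck uses. Rules are copied from the report;
# the log lines, host and principals below are constructed samples.

rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: ISSUE: authtime [0-9]+, etypes {rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+}, [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: NEEDED_PREAUTH: [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+, Additional pre-authentication required
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: DISPATCH: repeated \(retransmitted\?\) request from [0-9\.]{7,16}, resending previous response$
EOF
}

logs() {
cat <<'EOF'
Jan  9 09:36:57 kdc1 krb5kdc[2705]: DISPATCH: repeated (retransmitted?) request from 192.0.2.14, resending previous response
Jan  9 09:36:57 kdc1 krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.0.2.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, alice@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
Jan  9 09:36:58 kdc1 krb5kdc[2705]: AS_REQ (3 etypes {18 17 16}) 192.0.2.14: NEEDED_PREAUTH: alice@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Additional pre-authentication required
Jan  9 09:36:59 kdc1 krb5kdc[2705]: AS_REQ (3 etypes {18 17 16}) 192.0.2.14: PREAUTH_FAILED: alice@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Decrypt integrity check failed
Jan  9 09:37:00 kdc1 krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.0.2.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, alice@EXAMPLE.TEST for nfs/files.example.test@EXAMPLE.TEST, unexpected trailing text
EOF
}

# Print the lines logcheck would still report, i.e. those no rule ignores.
# $1 = asis: rules as proposed; $1 = anchored: "$" appended where missing.
reported() {
    f=$(mktemp)
    if [ "$1" = anchored ]; then rules | sed 's/[^$]$/&$/' > "$f"
    else rules > "$f"; fi
    logs | grep -E -v -f "$f" || true
    rm -f "$f"
}

# Count the proposed rules that lack an end-of-line anchor.
unanchored() { rules | grep -c -v '\$$' || true; }

echo "rules without trailing \$: $(unanchored)"
echo "--- reported with rules as proposed:";  reported asis
echo "--- reported with every rule anchored:"; reported anchored
```

With the rules as proposed, only the PREAUTH_FAILED line is reported; the ISSUE line carrying extra trailing text is ignored because rules 1 and 2 do not end in $, and it is reported once they are anchored.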





