[Logcheck-devel] Bug#483214: logcheck-database: updated ssh rule - ignore hostbased auth method messages
Tilman Koschnick
til at subnetz.org
Tue May 27 20:03:26 UTC 2008
Package: logcheck-database
Version: 1.2.63
Severity: wishlist
Tags: patch
Hi,
attached is an updated ssh rule, to ignore login messages for the
hostbased auth method as well. Would be nice if this gets included in
logcheck-database.
Cheers, Til
-------------- next part --------------
--- ssh.orig 2008-05-27 21:43:15.855035352 +0200
+++ ssh 2008-05-27 21:43:49.285481804 +0200
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$
More information about the Logcheck-devel
mailing list