[Logcheck-devel] Bug#483214: logcheck-database: updated ssh rule - ignore hostbased auth method messages

Tilman Koschnick til at subnetz.org
Tue May 27 20:03:26 UTC 2008


Package: logcheck-database
Version: 1.2.63
Severity: wishlist
Tags: patch

Hi,

attached is an updated ssh rule, to ignore login messages for the
hostbased auth method as well. Would be nice if this gets included in
logcheck-database.

Cheers, Til
-------------- next part --------------
--- ssh.orig	2008-05-27 21:43:15.855035352 +0200
+++ ssh	2008-05-27 21:43:49.285481804 +0200
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$
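
Review bot: The `hostbased` alternative added to the `Accepted (...)` alternation in the first rule comes without a sample log line, and the diff header (`ssh.orig` / `ssh`) does not show which logcheck rules directory the file belongs to. Please attach a real sshd "Accepted hostbased for ..." line so the rule can be checked against it; the pattern ends in `( (ssh|ssh2))?$`, so any text sshd logs after the protocol name would keep the line from matching. Also state which ignore level the change is meant for, since hostbased logins rest on trust in the client host and some sites may want them reported at the stricter levels.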

