[Logcheck-devel] Bug#588285: Bug#588285: logcheck: Additional rules to ignore successful kerberos authentication
Michel Messerschmidt
lists at michel-messerschmidt.de
Thu Jul 8 18:17:43 UTC 2010
On Tue, Jul 06, 2010 at 06:26:10PM -0700, Russ Allbery wrote:
> I wonder if the right way of handling this would be to instead install a
> logcheck rule as part of the libpam-krb5 package that looks something
> like:
>
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
Ok works fine for me now.
Your rule matches all pam_krb5 success messages on my systems besides
dovecot, because it uses "dovecot-auth" as the process name.
I propose to enhance the rule to:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]-]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
More information about the Logcheck-devel
mailing list