[Logcheck-devel] Bug#588285: Bug#588285: logcheck: Additional rules to ignore successful kerberos authentication

Michel Messerschmidt lists at michel-messerschmidt.de
Thu Jul 8 18:17:43 UTC 2010


On Tue, Jul 06, 2010 at 06:26:10PM -0700, Russ Allbery wrote:
> I wonder if the right way of handling this would be to instead install a
> logcheck rule as part of the libpam-krb5 package that looks something
> like:
> 
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$

Ok works fine for me now.

Your rule matches all pam_krb5 success messages on my systems besides 
dovecot, because it uses "dovecot-auth" as the process name.
I propose to enhance the rule to:
  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]-]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$






More information about the Logcheck-devel mailing list