[Logcheck-devel] Bug#588285: Bug#588285: logcheck: Additional rules to ignore successful kerberos authentication
Hannes von Haugwitz
hannes at vonhaugwitz.com
Thu Jul 8 19:03:11 UTC 2010
Michel Messerschmidt wrote:
> On Tue, Jul 06, 2010 at 06:26:10PM -0700, Russ Allbery wrote:
>> I wonder if the right way of handling this would be to instead install a
>> logcheck rule as part of the libpam-krb5 package that looks something
>> like:
>>
>> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
>
> Ok works fine for me now.
>
> Your rule matches all pam_krb5 success messages on my systems besides
> dovecot, because it uses "dovecot-auth" as the process name.
> I propose to enhance the rule to:
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]-]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
>
>
Valid point. Fixed in e786dd9.
Greetings
Hannes
More information about the Logcheck-devel
mailing list