[Logcheck-devel] Bug#588285: Bug#588285: logcheck: Additional rules to ignore successful kerberos authentication

Hannes von Haugwitz hannes at vonhaugwitz.com
Thu Jul 8 19:03:11 UTC 2010


Michel Messerschmidt wrote:
> On Tue, Jul 06, 2010 at 06:26:10PM -0700, Russ Allbery wrote:
>> I wonder if the right way of handling this would be to instead install a
>> logcheck rule as part of the libpam-krb5 package that looks something
>> like:
>>
>> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
> 
> Ok works fine for me now.
> 
> Your rule matches all pam_krb5 success messages on my systems besides 
> dovecot, because it uses "dovecot-auth" as the process name.
> I propose to enhance the rule to:
>   ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]-]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
> 
> 

Valid point. Fixed in e786dd9.

Greetings

Hannes





More information about the Logcheck-devel mailing list