[Logcheck-users] ssh failed login rule problem

Frédéric Brière fbriere at fbriere.net
Sat Jul 18 00:53:43 UTC 2009


Sergi Baila <sargue at gmail.com> wrote:
> Apr  3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226
> user=root

BTW, this rule has been added in 1.3.2.

> I want to filter it out so, on /etc/logcheck/ignore.d.server/local

Is that file readable by the logcheck user?

> Which I tested as this:
>
> bsg:/etc/logcheck/ignore.d.server# sed -e 's/[[:space:]]*$//'
> /var/log/auth.log | egrep '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+

You might want to look into grep's -f option.  :)


-- 
How do you power off this machine?
	-- Linus, when upgrading linux.cs.helsinki.fi, and after using the
           machine for several months
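
Added example (not part of the original message, and not logcheck's own code): one way to use grep's -f option to test an ignore file against a log, together with the readability check asked about above. The function names, the rule and the second log line are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a logcheck ignore file against log lines with grep -f.
# The rule and the second log line are constructed; the first log line is
# the one quoted in the post.

# Print the lines of log $2 that no rule in rules file $1 matches.
unmatched_lines() {
    rules=$1; log=$2
    # Run as the logcheck user so this reflects that account's permissions.
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 2; }
    clean=$(mktemp) || return 2
    # Drop comments and blank lines: an empty pattern given via -f matches
    # every line and would make any rule file look like it filters everything.
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "$rules" > "$clean"
    status=0
    # Strip trailing whitespace as in the post, then keep unmatched lines.
    sed -e 's/[[:space:]]*$//' "$log" | grep -E -v -f "$clean" || status=$?
    rm -f "$clean"
    # grep exits 1 when it printed nothing, i.e. every line was filtered.
    [ "$status" -le 1 ]
}

demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/local" <<'EOF'
# constructed rule, not the poster's
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd:auth\): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+( +user=[^[:space:]]+)?$
EOF
    cat > "$dir/auth.log" <<'EOF'
Apr  3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root
Apr  3 06:55:15 bsg sshd[32246]: Failed password for root from 192.0.2.10 port 4242 ssh2
EOF
    rc=0
    unmatched_lines "$dir/local" "$dir/auth.log" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo
```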



