Package: logcheck-database
Version: 1.2.68
Severity: normal
Tags: patch
Hi, the current xdm ignore rules read:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session
opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session
closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]:
pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by
\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]:
pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$
Of these, the first two haven't got anything to do with xdm and should be
removed.
The last two on the other hand never matches, as current log lines are
formatted like:
Dec 9 10:21:28 tac xdm[6130]: pam_unix(xdm:session): session opened for user
wferi by wferi(uid=0)
Dec 9 19:09:20 tac xdm[6130]: pam_unix(xdm:session): session closed for user
wferi
So I recommend replacing the xdm rules with:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]:
pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by
[[:alnum:]-]+\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]:
pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$
Thanks,
Feri.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-- debconf information excluded
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
