[Logcheck-devel] Bug#508335: logcheck-database: xdm rules don't match

2009-08-18 Thread Frédéric Brière
On Wed, Dec 10, 2008 at 11:21:53AM +0100, Ferenc Wagner wrote:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
>
> Of these, the first two haven't got anything to do with xdm and should be
> removed.

I think they still apply to etch's old libpam, so I'm reluctant to
remove them at the moment.

> The last two, on the other hand, never match, as current log lines are
> formatted like:

Thanks.  I had already applied a similar fix before seeing this bug
report, so I'll add a closing statement in the changelog.


-- 
sangr home is where the highest bandwidth is



___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel


[Logcheck-devel] Bug#508335: logcheck-database: xdm rules don't match

2008-12-10 Thread Ferenc Wagner
Package: logcheck-database
Version: 1.2.68
Severity: normal
Tags: patch

Hi, the current xdm ignore rules read:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$

Of these, the first two haven't got anything to do with xdm and should be 
removed.

The last two, on the other hand, never match, as current log lines are
formatted like:

Dec  9 10:21:28 tac xdm[6130]: pam_unix(xdm:session): session opened for user wferi by wferi(uid=0)
Dec  9 19:09:20 tac xdm[6130]: pam_unix(xdm:session): session closed for user wferi

So I recommend replacing the xdm rules with:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by [[:alnum:]-]+\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$

Thanks,
Feri.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- debconf information excluded
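
The mismatch reported above can be reproduced with a small regression check. This is an added example, not part of the original message or of logcheck itself: it runs the old and the proposed xdm rules over the two log lines from the report plus one constructed authentication-failure line, to confirm the new rules filter the session messages without hiding the failure. The function names are made up for this sketch, and it assumes a grep whose -E mode accepts \w (as GNU grep does).

```shell
#!/bin/sh
# Added example, not logcheck's own code: regression check for ignore rules.
# logcheck drops every log line matched by an ignore rule (egrep syntax).

# Lines 1-2 are quoted from the bug report; line 3 is constructed here to
# check that the rules do not also suppress authentication failures.
sample_lines() {
cat <<'EOF'
Dec  9 10:21:28 tac xdm[6130]: pam_unix(xdm:session): session opened for user wferi by wferi(uid=0)
Dec  9 19:09:20 tac xdm[6130]: pam_unix(xdm:session): session closed for user wferi
Dec  9 10:20:01 tac xdm[6130]: pam_unix(xdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=wferi
EOF
}

# xdm rules as quoted in the report for logcheck-database 1.2.68.
old_rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$
EOF
}

# Replacement rules proposed in the report.
new_rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by [[:alnum:]-]+\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$
EOF
}

# Print the sample lines that no rule in the given set matches, i.e. the
# lines that would still end up in the report. $1 names a rules function.
reported_lines() {
    # Newline-separated patterns passed to one -e are tried as alternatives.
    sample_lines | LC_ALL=C grep -E -v -e "$("$1")" || true
}

reported_count() {
    reported_lines "$1" | grep -c '' || true
}

echo "old rules leave $(reported_count old_rules) of 3 lines in the report"
echo "new rules leave $(reported_count new_rules) of 3 lines in the report"
reported_lines new_rules
```
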


