[Logcheck-devel] Bug#508335: logcheck-database: xdm rules don't match
On Wed, Dec 10, 2008 at 11:21:53AM +0100, Ferenc Wagner wrote:

> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
>
> Of these, the first two haven't got anything to do with xdm and should be removed.

I think they still apply to etch's old libpam, so I'm reluctant to remove them at the moment.

> The last two on the other hand never match, as current log lines are formatted like:

Thanks. I had already applied a similar fix before seeing this bug report, so I'll add a closing statement in the changelog.

--
sangr home is where the highest bandwidth is

___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#508335: logcheck-database: xdm rules don't match
Package: logcheck-database
Version: 1.2.68
Severity: normal
Tags: patch

Hi,

the current xdm ignore rules read:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$

Of these, the first two haven't got anything to do with xdm and should be removed. The last two on the other hand never match, as current log lines are formatted like:

Dec  9 10:21:28 tac xdm[6130]: pam_unix(xdm:session): session opened for user wferi by wferi(uid=0)
Dec  9 19:09:20 tac xdm[6130]: pam_unix(xdm:session): session closed for user wferi

So I recommend replacing the xdm rules with:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by [[:alnum:]-]+\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$

Thanks,
Feri.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- debconf information excluded
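
Added example (not part of the bug report or of logcheck itself): the script below replays the report's two sample log lines, plus one constructed authentication-failure line, through the old and the proposed xdm rules with `grep -E -v -f`, and prints what would still be reported. The function names and the third log line are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the bug report: replay log lines through the old and
# the proposed xdm ignore rules. logcheck rules are extended regular
# expressions, so grep -E is used to evaluate them here.

# Old xdm-specific rules quoted in the report.
old_rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm: :0\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$
EOF
}

# Replacement rules proposed in the report.
new_rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session opened for user [[:alnum:]-]+ by [[:alnum:]-]+\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xdm\[[0-9]+\]: pam_[[:alnum:]]+\(xdm:session\): session closed for user [[:alnum:]-]+$
EOF
}

# Lines 1-2 are the report's samples, with the single-digit day space-padded
# as syslog writes it (the 11-character timestamp field in the rules needs it).
# Line 3 is constructed for this example: a failed login that an ignore rule
# must never hide.
sample_log() {
cat <<'EOF'
Dec  9 10:21:28 tac xdm[6130]: pam_unix(xdm:session): session opened for user wferi by wferi(uid=0)
Dec  9 19:09:20 tac xdm[6130]: pam_unix(xdm:session): session closed for user wferi
Dec  9 10:20:59 tac xdm[6130]: pam_unix(xdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=wferi
EOF
}

# reported RULESET: print the sample lines that survive the ignore rules,
# i.e. the lines that would still end up in the report.
reported() {
    rules=$(mktemp) || return 1
    "$1" > "$rules"
    sample_log | grep -E -v -f "$rules"
    status=$?
    rm -f "$rules"
    # grep exits 1 when every line was ignored; only >1 is a real error.
    [ "$status" -le 1 ]
}

echo "old rules still report $(reported old_rules | wc -l) line(s)"
echo "new rules still report $(reported new_rules | wc -l) line(s):"
reported new_rules
```

With the old rules all three lines are reported, because `xdm: :0[pid]:` never appears in the current log format; with the proposed rules only the authentication failure remains, which confirms the anchored patterns filter the session noise without suppressing the failed login.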