tag 286307 pending thanks! On Tue, 2005-02-01 at 17:43 +0200, Ognyan Kulev wrote: > A grep result of auth.log is attached. > > There is one more possible message, but I think it's not for logcheck: > > Dec 22 22:57:24 dwyn webmin[18988]: Invalid login as ogi from > localhost.localdomain
I think you'd want to know about invalid login attempts..
Based on the log messages you've given (thanks!) I've created the
following rules, which have been tested against the log lines you gave
me and applied to CVS:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Successful login as
[[:alnum:]]+ from [._[:alnum:]-]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Logout by
[[:alnum:]]+ from [._[:alnum:]-]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Timeout of
[[:alnum:]]+ $
Thanks for your help!
--
-jamie <[EMAIL PROTECTED]> | spamtrap: [EMAIL PROTECTED]
w: http://www.silverdream.org | p: [EMAIL PROTECTED]
pgp key @ http://silverdream.org/~jps/pub.key
21:30:02 up 17 min, 2 users, load average: 2.65, 2.52, 1.58
signature.asc
Description: This is a digitally signed message part
