Package: logcheck-database
Version: 1.2.68
Severity: normal
Hi,
/etc/logcheck/ignore.d.paranoid/ssh contains the rules:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]:
pam_[[:alnum:]]+\(ssh:session\): session opened for user [^[:space:]]+ by
([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]:
pam_[[:alnum:]]+\(ssh:session\): session closed for user [^[:space:]]+$
However, the log lines contain (sshd:session) -- that is, sshd with a
letter d at the end. I guess the fix is obvious. :)
Thanks,
Feri.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.26-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
