These two rules are actually covered by the next ones, as the only
difference is "session" being replaced with "[[:alnum:]]+".


Signed-off-by: Frédéric Brière <[EMAIL PROTECTED]>
---
 rulefiles/linux/ignore.d.server/logcheck |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/rulefiles/linux/ignore.d.server/logcheck 
b/rulefiles/linux/ignore.d.server/logcheck
index 767e27f..a2272ec 100644
--- a/rulefiles/linux/ignore.d.server/logcheck
+++ b/rulefiles/linux/ignore.d.server/logcheck
@@ -1,7 +1,5 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ([[:alnum:]]+\[[0-9]+\])?: 
\(pam_[[:alnum:]]+\) session opened for user [.[:alnum:]-]+ by 
(root|LOGIN)?\(uid=0\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ([[:alnum:]]+\[[0-9]+\])?: 
\(pam_[[:alnum:]]+\) session closed for user [.[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ([[:alnum:]]+\[[0-9]+\])?: 
pam_[[:alnum:]]+\([[:alnum:]]+:session\): session opened for user 
[.[:alnum:]-]+ by (root|LOGIN)?\(uid=0\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ([[:alnum:]]+\[[0-9]+\])?: 
pam_[[:alnum:]]+\([[:alnum:]]+:session\): session closed for user 
[.[:alnum:]-]+$
 # new pam format
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ([[:alnum:]]+\[[0-9]+\])?: 
pam_[[:alnum:]]+\([[:alnum:]]+:[[:alnum:]]+\): session opened for user 
[.[:alnum:]-]+ by (root|LOGIN)?\(uid=0\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ([[:alnum:]]+\[[0-9]+\])?: 
pam_[[:alnum:]]+\([[:alnum:]]+:[[:alnum:]]+\): session closed for user 
[.[:alnum:]-]+$
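Review bot: The two rules kept under "# new pam format" accept any `[[:alnum:]]+` token after the colon, which is wider than the literal `session` in the two removed lines, so this cleanup keeps the looser pair and drops the stricter one. The removal itself is safe, since every line the deleted rules matched is still matched by the remaining ones and the rest of each pattern is identical. If no token other than `session` is expected in front of "session opened" or "session closed", consider doing it the other way round: keep the literal `:session\)` rules and delete the `[[:alnum:]]+` pair, so the ignore list suppresses no more than it needs to. Either way, a sentence in the commit message saying that the remaining patterns are otherwise character-for-character the same would make the equivalence easier to verify later.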
-- 
1.5.3.8


_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
