On Tue, Jul 06, 2010 at 06:26:10PM -0700, Russ Allbery wrote: > I wonder if the right way of handling this would be to instead install a > logcheck rule as part of the libpam-krb5 package that looks something > like: > > ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]]+(\[[0-9]+\])?: > pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as > [[:alnum:]...@-]+$
Ok works fine for me now. Your rule matches all pam_krb5 success messages on my systems besides dovecot, because it uses "dovecot-auth" as the process name. I propose to enhance the rule to: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]-]+(\[[0-9]+\])?: pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]...@-]+$ _______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel