On Tue, Jul 06, 2010 at 06:26:10PM -0700, Russ Allbery wrote:
> I wonder if the right way of handling this would be to instead install a
> logcheck rule as part of the libpam-krb5 package that looks something
> like:
>
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]]+(\[[0-9]+\])?:
> pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as
> [[:alnum:]...@-]+$
Ok works fine for me now.
Your rule matches all pam_krb5 success messages on my systems besides
dovecot, because it uses "dovecot-auth" as the process name.
I propose to enhance the rule to:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]-]+(\[[0-9]+\])?:
pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as
[[:alnum:]...@-]+$
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
