[Logcheck-devel] Bug#588285: Bug#588285: logcheck: Additional rules to ignore successful kerberos authentication

Hannes von Haugwitz Thu, 08 Jul 2010 12:07:34 -0700

Michel Messerschmidt wrote:

On Tue, Jul 06, 2010 at 06:26:10PM -0700, Russ Allbery wrote:

I wonder if the right way of handling this would be to instead install a
logcheck rule as part of the libpam-krb5 package that looks something
like:


^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]]+(\[[0-9]+\])?: 
pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as 
[[:alnum:]...@-]+$


Ok works fine for me now.

Your rule matches all pam_krb5 success messages on my systems besidesdovecot, because it uses "dovecot-auth" as the process name.

I propose to enhance the rule to:
  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ [[:alnum:]-]+(\[[0-9]+\])?: 
pam_krb5\([[:alnum:]]+:auth\): user [[:alnum:]-]+ authenticated as 
[[:alnum:]...@-]+$


Valid point. Fixed in e786dd9.

Greetings

Hannes



_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

[Logcheck-devel] Bug#588285: Bug#588285: logcheck: Additional rules to ignore successful kerberos authentication

Reply via email to