On Wed, 10 Oct 2012 09:24:26 -0400 CJ Fearnley <c...@linuxforce.net> wrote:
> File: /etc/logcheck/ignore.d.server/saslauthd
> The following patch fixes a bug in the regex for ignoring
> useless lines from saslauthd authentication failures
> (/etc/logcheck/ignore.d.server/saslauthd) on this Squeeze system:
>
> -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]:
> \(pam_unix\) check pass; user unknown$
> +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]:
> pam_unix\(:auth\): check pass; user unknown$
This looks to still apply some 12 years later, in the sense that the rules have
<usual prefix with saslauthd +PID>: \(pam_unix\) check pass; user unknown$
But im unclear that the new line ' pam_unix\(:auth\): check pass; user
unknown' is the right solution in 2024 - I'd expect something like:
pam_unix\(????:auth\): check pass; user unknown$
but i dont know what the ???? would be.
Think we need an update before this can be applied.
