Package: logcheck-database
Version: 1.2.54
Severity: wishlist

I'm using krb5-kdc (krb5kdc daemon name). I'd like to have my rules for this daemon added.

Sample syslog entries:

Jan 9 09:36:57 server krb5kdc[2705]: DISPATCH: repeated (retransmitted?) request from 192.168.1.14, resending previous response
Jan 9 09:36:57 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
Jan 9 09:36:57 server krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for nfs/[EMAIL PROTECTED]
Jan 9 09:36:58 server krb5kdc[2705]: AS_REQ (3 etypes {18 17 16}) 192.168.1.14: NEEDED_PREAUTH: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Additional pre-authentication required
Jan 9 09:36:58 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867818, etypes {rep=16 tkt=16 ses=16}, nfs/[EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
Jan 9 09:36:58 server krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867818, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for HTTP/[EMAIL PROTECTED]
Jan 9 09:36:58 server krb5kdc[2705]: AS_REQ (1 etypes {13}) 192.168.1.14: NEEDED_PREAUTH: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Additional pre-authentication required

New rules for new file ignore.d.server/krb5kdc:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: ISSUE: authtime [0-9]+, etypes {rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+}, [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: NEEDED_PREAUTH: [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+, Additional pre-authentication required
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: DISPATCH: repeated \(retransmitted\?\) request from [0-9\.]{7,16}, resending previous response$

- Thomas

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (100, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-3-amd64
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]  1.5.11etch1  Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information excluded
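
An added example, not part of the original report: a shell check that feeds the three proposed rules to `grep -E` (logcheck applies its rules with egrep) and prints whatever would still be reported. The log lines are constructed: the principals under EXAMPLE.ORG and the PREAUTH_FAILED entry are sample values, the timestamps use syslog's two-space padding for single-digit days, and GNU grep is assumed.

```shell
#!/bin/sh
# Rules exactly as proposed in the report for ignore.d.server/krb5kdc.
rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: ISSUE: authtime [0-9]+, etypes {rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+}, [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: NEEDED_PREAUTH: [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+, Additional pre-authentication required
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: DISPATCH: repeated \(retransmitted\?\) request from [0-9\.]{7,16}, resending previous response$
EOF
}

# Constructed sample log: three routine entries the rules should hide,
# plus one failed pre-authentication that must stay visible.
sample_log() {
cat <<'EOF'
Jan  9 09:36:57 server krb5kdc[2705]: DISPATCH: repeated (retransmitted?) request from 192.168.1.14, resending previous response
Jan  9 09:36:57 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (3 etypes {18 17 16}) 192.168.1.14: NEEDED_PREAUTH: alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Additional pre-authentication required
Jan  9 09:37:02 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: PREAUTH_FAILED: alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
EOF
}

# Read log lines on stdin and print those that no rule matches,
# i.e. the lines that would still appear in the logcheck report.
leftover() {
    rules_file=$(mktemp) || return 1
    rules > "$rules_file"
    status=0
    grep -E -v -f "$rules_file" || status=$?
    rm -f "$rules_file"
    # grep exits 1 when every line was filtered; only >1 is a real error.
    [ "$status" -le 1 ]
}

# Only the PREAUTH_FAILED line is printed.
sample_log | leftover
```
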