Package: logcheck-database Version: 1.2.69 Severity: wishlist Hello,
when newgrp (part of the package login) is used, I see messages like this in my syslog: Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on tty1) switched to group `backup' Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1) switched to group `backup' Aug 27 19:28:19 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1) returned to group `root' Aug 27 19:32:37 srv1 newgrp[10132]: user `root' (login `mazur' on pts/0) switched to group `backup' Aug 27 19:34:01 srv1 newgrp[10155]: user `root' (login `mazur' on pts/0) switched to group `backup' Aug 27 19:34:18 srv1 newgrp[10155]: user `root' (login `mazur' on pts/0) returned to group `backup' Aug 27 19:34:22 srv1 newgrp[10132]: user `root' (login `mazur' on pts/0) returned to group `root' Aug 27 19:34:32 srv1 newgrp[10178]: user `root' (login `mazur' on pts/0) switched to group `backup' Aug 27 19:34:55 srv1 newgrp[10178]: user `root' (login `mazur' on pts/0) returned to group `root' The attached file contain a rule to ignore them. I've tested the rule and it is working. With best regards, Martin -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores) Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash -- no debconf information
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ newgrp\[[0-9]+\]: user `[._[:alnum:]-]+' \(login `[._[:alnum:]-]+' on (pts/[0-9]+|tty[0-9]+)\) (returned|switched) to group `[._[:alnum:]-]+'$