Also keep in mind that you might need to edit logcheck.violations.ignore
if these entries are showing up in the "Possible Security Violations"
section of the email.

mike

On Wed, 2004-04-14 at 12:01, Jeff Coppock wrote:
> I'm having trouble with getting entries here to work.  I have the
> following /var/log/auth.log messages that I want to filter out of
> logcheck (version 1.2.16, sarge):
> 
> CRON[15302]: (pam_unix) session opened for user root by (uid=0)
> CRON[15302]: (pam_unix) session closed for user root 
> CRON[15613]:(pam_unix) session opened for user mail by (uid=0)
> CRON[15613]:(pam_unix) session closed for user mail
> 
> So, I have the following entry in /etc/logcheck/logcheck.ignore:
> 
> CRON.*: \(pam_unix\) session (opened|closed) for user (root|mail) .*
> 
> However, logcheck still reports these messages on every run.  I'm barely
> a novice at regex and came up with this entry by googling around.
> 
> Could there be something I need to add to the logcheck.conf file to make
> this work?  
> 
> Is my entry botched?
> 
> The actual log messages also include the date/time/hostname.  Do I need
> to account for that in the entry?
> 
> thanks,
> jc
> 
> -- 
> Jeff Coppock          Systems Engineer
> Diggin' Debian                Admin and User
> 


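An added example (not from either poster, and not logcheck's own code) that models the layering mike describes under one assumption: a line matching a violations pattern is silenced only by violations.ignore, and logcheck.ignore is consulted for the rest. `VIOLATIONS_PAT`, the function names and the sample lines are constructed; the ignore entry is Jeff's, and the last line shows that its trailing ` .*` needs a space after the user name.

```shell
#!/bin/sh
# Simplified model of layered egrep filtering (assumption, see lead-in).

# Jeff's entry from the thread.
IGNORE_PAT='CRON.*: \(pam_unix\) session (opened|closed) for user (root|mail) .*'
# Constructed stand-in for a violations keyword; not a shipped logcheck rule.
VIOLATIONS_PAT='user root'

# matches LINE PATTERN -> exit 0 when the unanchored ERE hits anywhere in LINE,
# so a leading date/time/hostname does not prevent a match.
matches() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

# classify LINE VIOLATIONS VIOLATIONS_IGNORE IGNORE -> prints the outcome
classify() {
    if matches "$1" "$2"; then
        if [ -n "$3" ] && matches "$1" "$3"; then
            echo ignored
        else
            echo violations      # reported even though IGNORE would match
        fi
    elif [ -n "$4" ] && matches "$1" "$4"; then
        echo ignored
    else
        echo system              # reported as an ordinary system event
    fi
}

# Constructed sample lines in syslog layout (date, host, then the message).
OPENED_ROOT='Apr 14 12:00:01 host CRON[15302]: (pam_unix) session opened for user root by (uid=0)'
OPENED_MAIL='Apr 14 12:00:01 host CRON[15613]: (pam_unix) session opened for user mail by (uid=0)'
CLOSED_MAIL='Apr 14 12:00:01 host CRON[15613]: (pam_unix) session closed for user mail'

demo() {
    for line in "$OPENED_ROOT" "$OPENED_MAIL" "$CLOSED_MAIL"; do
        printf '%-10s (ignore entry only)      %s\n' \
            "$(classify "$line" "$VIOLATIONS_PAT" '' "$IGNORE_PAT")" "$line"
        printf '%-10s (also violations.ignore) %s\n' \
            "$(classify "$line" "$VIOLATIONS_PAT" "$IGNORE_PAT" "$IGNORE_PAT")" "$line"
    done
}
demo
```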