On Sat, Mar 29, 2014 at 10:53:09PM +0100, philou wrote: > Current regex in i.d.s/ssh doesn't match when using key exchange > authentication. > > If not using key exchange authentication, the following log message will be > correctly ignored: > > Jan 28 11:52:05 server sshd[1003]: Accepted publickey for fred from > 192.0.2.60 port 20042 ssh2 > > When using key exchange authentication, the following log message will NOT be > ignored: > > Jan 28 11:51:43 server sshd[5104]: Accepted publickey for fred from > 192.0.2.60 port 60594 ssh2: RSA > e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c >
Hi Philippe, Could you tell me which option are you using in order to get the latter message? That way I can reproduce it and fix the rule. Thanks, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: [email protected] | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 _______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
