-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 tags 703936 + patch thanks
Hi, replacing [^'] with [^[:space:] does the trick here. cheers, piem -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJVxG/7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCODhBNTA3MkQ0OTE1QUVDRjgxQTI0MzQ2 QTQ5QjE5NzI4QUJERDkyAAoJEGpJsZcoq92SeVEP/ReFS6gHhpgDJVzJNVJ3Pbvq iRHiZKWI22R0WaCgt1tzmQuYS4Ogf4JrpRkMUF5yBxl/ePmOz0MpaVjnlB2aMAFI gyEZQNXLxMl5ImggjHM1K2czZcFF9Cw8TSfMuuKc1BzPQ8+dWduW1tBj1VQFn3vp Wu46QW+X9JrUb8CrMR7p4fadf530MLWO3Y/VIKXrdE/XRDaX2lwsj1GVWjyF5yhA 82U+tGr8GIJj4CyBEv/vin0H4n0xU2PE4AcxP2PhDXlbEZP2dsZqlkJfwQDrjwTp 7pKfzyI3wIhywBIiZmMkc0s5LxvJshj/hIUHcf6Mo7OoTmO+HKz3ObBG0QO5oQ6h CuFcZy3PLfGUScS8DJByZHi7mY6V0po9NPvISor6t3Fbp2x5iakc+DqgdEX+RCaf xb+zM9nGIXZ6t0qoooPTE7o6P6Oa4Vo7HDYQMJC6dPvNT5jbGjI8mW5gL6n/SEKi LeUEMBN3om5sJO8pIfhEdg9Dftzbr7FLT09WeYWUCAyDZVj/94sLyJLCymc+SMoy ay8S8UDTXpzU53PsOPxReSNUuZVPlECd0Hpa/f0vPfjpPBRSWetWuE+WT/YtZWqs tE3KKWFSWgGNoUEASGbX1I6XZhJx8mEFJAvoizIgHkzCQq56RPAxaF9nRDwHlvy8 3avrwnnsDK2dJUzU4/iY =uUHi -----END PGP SIGNATURE-----
--- logcheck/ignore.d.server/ssh.orig 2015-05-11 10:57:32.745101129 -0300
+++ logcheck/ignore.d.server/ssh 2015-05-11 10:58:00.849240490 -0300
@@ -1,7 +1,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted
(gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased)
for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(:
(RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Address
[._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the
address - POSSIBLE BREAK-?IN ATTEMPT!$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Authorized to
[^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol
version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol
version identification ‘[^[:space:]]*’ from ([:.[:xdigit:]]+|UNKNOWN) port
[[:digit:]]{1,5}$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive
identification string from ([:[:xdigit:].]+|UNKNOWN)+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting:
Bad packet length [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting:
Corrupted MAC on input\.$
logchecker-ssh-bad-proto-port-2.patch.sig
Description: Binary data
_______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
