CJ Fearnley
2012-Oct-10 13:24 UTC
[Logcheck-devel] Bug#690145: bad rule in ignore for saslauthd (patch included)
Package: logcheck-database
Version: 1.3.13
Severity: normal
File: /etc/logcheck/ignore.d.server/saslauthd

The following patch fixes a bug in the regex for ignoring useless lines from saslauthd authentication failures (/etc/logcheck/ignore.d.server/saslauthd) on this Squeeze system:

--- saslauthd.orig 2012-10-10 08:37:50.000000000 -0400 +++ saslauthd 2012-10-10 08:38:10.000000000 -0400 
@@ -4,7 +4,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= [[:space:]]*user=[-._[:alnum:]]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: pam_unix\(:auth\): check pass; user unknown$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_auth[[:space:]]*: auth failure: \[user=[._[:alnum:]-]+\] \[service=smtp\] \[realm=[._[:alnum:]-]+\] \[mech=pam\] \[reason=PAM auth error\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_request[[:space:]]*: NULL password received$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: pam_unix\([[:alnum:]]+:[[:alnum:]]+\): check pass; user unknown$ -- System Information: Debian Release: 6.0.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files: /etc/logcheck/violations.d/logcheck changed [not included] /etc/logcheck/violations.ignore.d/logcheck-sudo [Errno 2] No such file or directory: u'/etc/logcheck/violations.ignore.d/logcheck-sudo' -- no debconf information
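Review bot: The added rule ending in "pam_unix\(:auth\): check pass; user unknown$" nearly duplicates the last context line of the hunk, which already ignores "pam_unix\([[:alnum:]]+:[[:alnum:]]+\): check pass; user unknown$" and misses this message only because it requires at least one character before the colon. Changing the first "[[:alnum:]]+" in that existing rule to "[[:alnum:]]*" would cover the empty-service form without a second, overlapping rule. The hunk also deletes the older "\(pam_unix\) check pass; user unknown$" pattern outright, while the "\(pam_unix\) authentication failure" rule directly above it still uses the old format; if hosts emitting the old format are still supported, keep the old line and add the new one beside it instead of replacing it. The new pattern is anchored with ^ and $ like its neighbours, which is the right shape for an ignore rule, since anything it matches is dropped from the logcheck report.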