[Logwatch-Devel] logwatch samba:

Markus Lude lude at informatik.uni-tuebingen.de
Sat Dec 10 15:05:01 MST 2005


On Sat, Dec 10, 2005 at 02:04:57PM +0000, Alex Schuilenburg wrote:
> Hi
> 
> The attached patch adds support for the modified samba log message that
> samba on RHEL4 gives.  Namely of the form:
> 
> smbd/service.c:make_connection_snum(648)  fred (192.168.1.3) connect to
> service foo initially as user alexs (uid=500, gid=5000) (pid 11390) : 1
> Time(s)
> 
> where "initially" is now added (and made optional by the patch).
> 
> Hope you find this useful

This breaks the old pattern because of a missing "?". Added below.

> -- Alex
> 
> --- samba	2005/12/10 13:56:37	1.1
> +++ samba	2005/12/10 14:00:47
> @@ -72,7 +72,7 @@
>  		($ThisLine =~ /===============================================================/)
>     ) {
>        #Don't care about these...
> -	} elsif ( ($Host, $Service, $User) = ( $ThisLine =~ /([^ ]+ \([^ ]+\)) connect to service ([^ ]+) as user ([^ ]+)/ ) ) {
> +	} elsif ( ($Host, $Service, $User) = ( $ThisLine =~ /([^ ]+ \([^ ]+\)) connect to service ([^ ]+)(?: initially) as user ([^ ]+)/ ) ) {

this line should be:
   	} elsif ( ($Host, $Service, $User) = ( $ThisLine =~ /([^ ]+ \([^ ]+\)) connect to service ([^ ]+)(?: initially)? as user ([^ ]+)/ ) ) {
                                                                                                             ----------^

>  		$Connect{$Service}{$User}{$Host}++;
>  	} elsif ( ($NoService) = ( $ThisLine =~ /couldn't find service (\S+)/ ) ) {
>  		$NoServ{$NoService}++;

Regards,
Markus

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://www2.list.logwatch.org/pipermail/logwatch-devel/attachments/20051210/5e774a6b/attachment.bin


More information about the Logwatch-Devel mailing list