[Logwatch-Devel] sshd patches for SuSe/openssh/nss_ldap/pam_ldap

David Baldwin david.baldwin at anu.edu.au
Mon Sep 12 21:41:43 MST 2005


Just checked out the latest CVS for these diffs:

Index: conf/logfiles/secure.conf
===================================================================
RCS file: /var/cvs/logwatch/conf/logfiles/secure.conf,v
retrieving revision 1.13
diff -u -r1.13 secure.conf
--- conf/logfiles/secure.conf   18 Apr 2005 21:53:55 -0000      1.13
+++ conf/logfiles/secure.conf   13 Sep 2005 04:38:45 -0000
@@ -19,6 +19,7 @@
  # Note: if these are gzipped, you need to end with a .gz even if
  #       you use wildcards...
  Archive = secure.*
+Archive = secure-*.gz
  Archive = archiv/secure.*
  Archive = authlog.*


Index: scripts/services/sshd
===================================================================
RCS file: /var/cvs/logwatch/scripts/services/sshd,v
retrieving revision 1.46
diff -u -r1.46 sshd
--- scripts/services/sshd       31 Aug 2005 23:19:38 -0000      1.46
+++ scripts/services/sshd       13 Sep 2005 04:38:47 -0000
@@ -117,6 +117,10 @@
         ($ThisLine =~ m/sshd startup\s+succeeded/) or
         ($ThisLine =~ m/sshd shutdown\s+succeeded/) or
         ($ThisLine =~ m/^Invalid user \S+ from [^ ]+/) or
+       ($ThisLine =~ m/^Found matching [DR]SA key: /) or
+       ($ThisLine =~ m/^error: key_read: type mismatch: encoding error/) or
+       ($ThisLine =~ m/^nss_ldap: reconnect/) or
+       ($ThisLine =~ m/^pam_ldap: error trying to bind as user "[^"]+" 
\(Invalid credentials\)/) or
         ($ThisLine =~ m/^\(pam_unix\) .*/)
     ) {
        # Ignore these
@@ -147,7 +151,8 @@
        $NoIdent{$name}++;
     } elsif (
        ($ThisLine =~ m/^fatal: Connection closed by remote host\./ ) or
-      ($ThisLine =~ m/^fatal: Read error from remote host: Connection reset by 
peer/ ) or
+      ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+): 
Connection reset by peer/ ) or
+      ($ThisLine =~ m/^Read error from remote host [^ ]+: Connection timed out/ 
) or
        ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or
        ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or
        ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or

-- 
=====================================================================+
David Baldwin                   mailto:David.Baldwin at anu.edu.au      |
Supercomputer Facility          URL: http://www.anu.edu.au/~u8611156 |
II Services, Huxley Building    Ph:  {intl+61+2 | (02)} 6125 0321    |
Australian National University  FAX: {intl+61+2 | (02)} 6125 8199    |
Canberra ACT 0200, AUSTRALIA  *======================================+


More information about the Logwatch-Devel mailing list