Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Tags: patch
Hi,
find attached an additional rule for proftpd, and some minor fixes
for the existing ones. Could you please include this in the database?
Cheers, Til
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
-- debconf information:
logcheck-database/conffile-cleanup: false
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
=== logcheck/ignore.d.server/proftpd
==================================================================
--- logcheck/ignore.d.server/proftpd (revision 322)
+++ logcheck/ignore.d.server/proftpd (local)
@@ -1,3 +1,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [\._[:alnum:]-]+: Login
successful\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session
(opened|closed) for user [\._[:alnum:]-]+( by \(uid=[0-9]+\))$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login
successful\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/0.4: delaying for [0-9]+
usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session
(opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\)|)$
