Package: logcheck-database
Version: 1.3.7
Severity: minor
Tags: patch
The /etc/logcheck/ignore.d.server/schroot fails to detect the "session opened"
messages that are IMHO completely normal. The attached patch solves this.
Cheers,
OdyX
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
--- schroot.old 2010-04-22 15:23:56.000000000 +0200
+++ schroot 2010-04-22 15:24:14.000000000 +0200
@@ -1,4 +1,4 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ schroot\[[[:digit:]]+\]: \(pam_unix\)
session opened for user [-_.[:alnum:]]+ by
([-_.[:alnum:]]+)?\(uid=[[:digit:]]+\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ schroot\[[[:digit:]]+\]:
pam_unix\(schroot:session\) session opened for user [-_.[:alnum:]]+ by
([-_.[:alnum:]]+)?\(uid=[[:digit:]]+\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ schroot\[[[:digit:]]+\]:
pam_unix\(schroot:session\):? session opened for user [-_.[:alnum:]]+ by
([-_.[:alnum:]]+)?\(uid=[[:digit:]]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ schroot\[[[:digit:]]+\]:
\[[-._[:alnum:]]+ chroot\] \([-_.[:alnum:]]+->[-_.[:alnum:]]+\) Running login
shell: '[-._/[:alnum:]]+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ schroot\[[[:digit:]]+\]:
\[[-._[:alnum:]]+ chroot\] \([-_.[:alnum:]]+->[-_.[:alnum:]]+\) Running
command: ".+"$