logcheck / regexp question
John Oliver
john.oliver at hosting.com
Wed Aug 8 23:04:27 PDT 2001
root wrote:
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Aug 8 22:50:31 monitor1 sshd[9275]: log: ROOT LOGIN as 'root' from ns.mrtg-monitoring.net
I'm trying to ignore this line in logcheck.ignore with little luck.
I've tried:
sshd.*log: ROOT LOGIN*
sshd.*log: ROOT LOGIN.*
sshd.*log: ROOT LOGIN as \'root\' from ns.mrtg-monitoring.net
...and a few other variations. Seeing as how, as things stand now, I'll
get one of these emails every five minutes, I'm very interested in
hitting on just the right combo that will hopefully still show any other
root logins... :-)
--
John Oliver
System Administrator
Hosting.com, an Allegiance Telecom company
Formerly CONNECTnet
mailto:john.oliver at hosting.com
t 858.638.2020
http://www.hosting.com/
More information about the KPLUG-List
mailing list