Fix user name regex for logcheck

This commit is contained in:
Wojciech Kozlowski 2019-11-30 14:53:40 +01:00
parent 5259e5a3ec
commit 7a9128258a

View File

@ -33,7 +33,7 @@
^[ :[:alnum:]]{15} {{ hostname }} PackageKit: daemon quit ^[ :[:alnum:]]{15} {{ hostname }} PackageKit: daemon quit
^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session opened for user nobody by \(uid=0\) ^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session opened for user nobody by \(uid=0\)
^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session closed for user nobody ^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session closed for user nobody
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [_-[:alnum:]]+ from [.[:digit:]]+ port [[:digit:]]+ ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [._[:alnum:]-]+ from [.[:digit:]]+ port [[:digit:]]+
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Received disconnect from [.[:digit:]]+ port [:[:digit:]]+ Bye Bye \[preauth\] ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Received disconnect from [.[:digit:]]+ port [:[:digit:]]+ Bye Bye \[preauth\]
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [_-[:alnum:]]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\] ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [._[:alnum:]-]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Connection closed by [.[:digit:]]+ port [[:digit:]]+ \[preauth\] ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Connection closed by [.[:digit:]]+ port [[:digit:]]+ \[preauth\]