here's my updated logcheck filter set. please consider adding the appropriate files to the package. ==> /etc/logcheck/ignore.d.server/local-ssh <== ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from (::ffff:)?[.[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from ::ffff:[.[:digit:]]+: [12]: Timeout, server not responding\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Illegal user [-[:alnum:]]+ from (::ffff:)?[.[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$ ==> /etc/logcheck/violations.ignore.d/local-ssh <== ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection timed out$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for illegal user [[:alnum:]]+ from [-_.[:alnum:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Illegal user [[:alnum:]]+ from (::ffff:)?[.[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed keyboard-interactive/pam for illegal user [[:alnum:]]+ from (::ffff:)?[.[:digit:]]+ port [[:digit:]]{1,5} ssh2$ -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)