fixbot: comparison logwatch

equal deleted inserted replaced

-:cbc56b7e7c81
+:1711f40a7c39
 return self._filter(match)
 def _filter (self, match) :
 return self.format % match.groupdict()
+_timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}"
 all = FullFilter("all")
-_timestamp = "\w{3} [0-9 ]\d \d{2}:\d{2}:\d{2}"
+all_wo_timestamps = SimpleFilter(
+"all",
+"^" + _timestamp + " (?P<line>.+)$",
+"%(line)s"
+)
 sudo = SimpleFilter(
 "sudo",
 "(?P<hostname>\S+)\s+sudo:\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
 "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r"
 "(?P<success>Accepted|Failed) password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
 "%(success)s login for %(username)s from %(ip)s:%(port)s proto %(proto)s"
 )
 cron_killer = NullFilter(
-"^" + _timestamp + " \S+\s+CRON\[\d+\]: \(\w+\) session (opened|closed) for user \w+( by \(uid=\d+\))?$",
+"^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: \(\w+\) session (opened|closed) for user \w+( by \(uid=\d+\))?$",
 re.IGNORECASE
 )
+su_nobody_killer = NullFilter(
+"^" + _timestamp + " \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$",
+re.IGNORECASE
+)

changeset 20	1711f40a7c39
parent 19	cbc56b7e7c81