more filter fixes/updates
authorTero Marttila <terom@fixme.fi>
Fri, 05 Feb 2010 21:38:25 +0200
changeset 56 b801f653f7d4
parent 55 5f720d719d01
child 57 31e7421e98af
more filter fixes/updates
fixbot/logwatch/filters.py
--- a/fixbot/logwatch/filters.py	Fri Feb 05 21:35:55 2010 +0200
+++ b/fixbot/logwatch/filters.py	Fri Feb 05 21:38:25 2010 +0200
@@ -165,32 +165,29 @@
 # match sudo invocations, reformatting them nicely
 sudo = SyslogFilter('sudo',
     program = "sudo",
-    pattern = "^\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
+    pattern = r"^\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
     format  = "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r",
 )
 
 # match accepted ssh logins
 ssh = SyslogFilter('ssh',
     program = "sshd",
-    pattern = "^\s*Accepted password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
+    pattern = r"^\s*Accepted password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
     format  = "SSH login for %(username)s@%(hostname)s from %(ip)s:%(port)s",
 )
 
 # drops all output from cron
-# XXX: what about su?
+# XXX: what about the same from su?
 cron_killer = SyslogFilter('all',
     program = "cron",
     drop    = True,
 )
 
-#cron_killer = NullFilter(
-#        "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: pam_unix\(cron:\w+\): session (opened|closed) for user \w+( by \(uid=\d+\))?$",
-#        re.IGNORECASE
-#)
-
 # drops `su nobody` output (from cron)
-su_nobody_killer = NullFilter(
-    "^" + _timestamp + " \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$",
-    re.IGNORECASE
+su_nobody_killer = SyslogFilter('all',
+    program     = "su",
+    pattern     = r"^(Successful su for nobody by root|\+ \?\?\? root:nobody)$",
+    re_flags    = re.IGNORECASE,
+    drop        = True
 )
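Review bot: The `ssh` filter still matches only `Accepted password for …`, so logins accepted through another method (sshd also logs, for example, `Accepted publickey for …`) never get this report line; how unmatched sshd lines are handled is not visible in this hunk. Capturing the method would cover them: `pattern = r"^\s*Accepted (?P<method>\S+) for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)"`, with `%(method)s` added to `format`. The `sudo` pattern has a similar gap, since it requires `TTY=` directly after `username :` and `COMMAND=` directly after `USER=`. Denied attempts (which log a reason before `TTY=`) and lines with additional fields between `USER=` and `COMMAND=` would therefore not match, and those are the entries a log watcher most wants to surface. A short comment on each filter stating which sshd/sudo message forms are deliberately left unmatched would make the coverage explicit.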