--- a/fixbot/logwatch/filters.py Fri Feb 05 21:35:55 2010 +0200
+++ b/fixbot/logwatch/filters.py Fri Feb 05 21:38:25 2010 +0200
@@ -165,32 +165,29 @@
# match sudo invocations, reformatting them nicely
sudo = SyslogFilter('sudo',
program = "sudo",
- pattern = "^\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
+ pattern = r"^\s*(?P<username>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target_user>\S+) ; COMMAND=(?P<command>.*)",
format = "%(username)s:%(tty)s - %(target_user)s@%(hostname)s:%(pwd)s - %(command)r",
)
# match accepted ssh logins
ssh = SyslogFilter('ssh',
program = "sshd",
- pattern = "^\s*Accepted password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
+ pattern = r"^\s*Accepted password for (?P<username>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)",
format = "SSH login for %(username)s@%(hostname)s from %(ip)s:%(port)s",
)
# drops all output from cron
-# XXX: what about su?
+# XXX: what about the same from su?
cron_killer = SyslogFilter('all',
program = "cron",
drop = True,
)
-#cron_killer = NullFilter(
-# "^" + _timestamp + " \S+\s+(CRON|su)\[\d+\]: pam_unix\(cron:\w+\): session (opened|closed) for user \w+( by \(uid=\d+\))?$",
-# re.IGNORECASE
-#)
-
# drops `su nobody` output (from cron)
-su_nobody_killer = NullFilter(
- "^" + _timestamp + " \S+\s+su\[\d+\]: (Successful su for nobody by root|\+ \?\?\? root:nobody)$",
- re.IGNORECASE
+su_nobody_killer = SyslogFilter('all',
+ program = "su",
+ pattern = r"^(Successful su for nobody by root|\+ \?\?\? root:nobody)$",
+ re_flags = re.IGNORECASE,
+ drop = True
)