etc/syslog.conf
author Tero Marttila <terom@fixme.fi>
Fri, 04 Jan 2013 21:31:35 +0200
changeset 62 c4798663e57c
parent 58 64885a7c6e85
child 66 1e3a144f25c0
permissions -rw-r--r--
pvl.syslog.rule: provide format for default rule
# Format for the default rule (no section header): the originating host
# followed by the message text.
# NOTE(review): {msg} is emitted without the !r conversion that [sudo] applies
# to {command}; if this output is shown on a terminal or relayed to chat,
# confirm that control characters in log messages are neutralised elsewhere.
format      = {host} {msg}

# sudo command audit: selects messages whose program is "sudo" and splits the
# command log line into named fields for the format string below.
[sudo]
program     = sudo
# Captures login, tty, pwd, user, an optional env, and command. The ENV= part
# is wrapped in an optional non-capturing group, so lines with and without it
# both match. Anchored at the start with ^; command takes the rest of the line.
pattern     = ^\s*(?P<login>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<user>\S+) ; (?:ENV=(?P<env>.+?) ; )?COMMAND=(?P<command>.*)

# {command!r} uses the repr conversion, so quotes and control characters in
# the logged command are shown escaped rather than raw.
# {host} is not captured by the pattern above; presumably it comes from the
# syslog message itself (confirm in pvl.syslog.rule).
format      = {login}:{tty} - {user}@{host}:{pwd} - {command!r}

# Earlier pattern, disabled and kept for reference only. It has no ENV=
# handling and an unbalanced "(" before COMMAND, so it would not compile as
# written; fix it before re-enabling.
#pattern     = \s*(?P<login>\S+) : TTY=(?P<tty>\S+)\s; PWD=(?P<pwd>.+?)\s; USER=(?P<user>\S+)\s;( COMMAND=(?P<command>.*)

# Refinement of the [sudo] rule (rule = sudo): matches sudo events where the
# invoking login is puppet, the target user is root, and the command is a
# getent lookup of a single shadow entry.
# NOTE(review): format is empty, which presumably silences these events;
# confirm the empty-format behaviour in pvl.syslog.rule.
# NOTE(review): this is a suppression for reads of the shadow database, so it
# should match as narrowly as possible. Whether the login/user/command values
# are matched in full or only as a prefix depends on pvl.syslog.rule; if the
# match is not anchored at the end, a longer command line that merely starts
# with this text would be silenced as well. Consider ending the command
# pattern with $.
[puppet_readshadow]
rule        = sudo
login       = puppet
user        = root
command     = /usr/bin/getent shadow \w+
format      = 


# SSH logins: selects sshd messages and reports accepted password logins with
# the user, the receiving host and the source address.
# Only "Accepted password" lines match this pattern. Other sshd authentication
# results, such as "Accepted publickey" or failed attempts, are not formatted
# by this rule.
# NOTE(review): confirm that limiting this to password logins is intended and
# where the unmatched sshd messages end up.
[ssh]
program     = sshd
# port and proto are captured but not used in the format below.
pattern     = \s*Accepted password for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)
format      = SSH login for {user}@{host} from {ip}

# Selects messages whose program is "cron". No pattern or format is set here.
# NOTE(review): whether such a rule drops the messages or passes them through
# with the default format is decided by pvl.syslog.rule; confirm which.
[cron]
program     = cron

# Selects su messages for root switching to nobody. The pattern has two
# alternatives: the "Successful su for nobody by root" line, or the
# "+ ??? root:nobody" line (with + and ? escaped as literals).
# No format is set here.
# NOTE(review): confirm in pvl.syslog.rule what a rule without a format does,
# and that hiding root-to-nobody su events is intended if it drops them.
[su_nobody]
program     = su
pattern     = Successful su for nobody by root|\+ \?\?\? root:nobody

# Selects messages whose program is "puppet". No pattern or format is set here.
# NOTE(review): the resulting behaviour depends on how pvl.syslog.rule treats
# a rule with neither key; confirm.
[puppet]
program     = puppet