etc/syslog.conf
author Tero Marttila <terom@fixme.fi>
Fri, 04 Jan 2013 21:12:18 +0200
changeset 56 ff184e09ceb9
parent 55 cbdd49b76f16
child 58 64885a7c6e85
permissions -rw-r--r--
pvl.syslog.filter: fix true/false/filenotfound snafu
# Output template built from the {host} and {msg} placeholders.
# NOTE(review): no section header is visible above this key on this page.
# Confirm which section it belongs to; stock configparser rejects keys
# that appear before any [section].
format      = {host} {msg}

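[sudo]
# Rule for sudo command-log lines: captures the invoking user, TTY, working
# directory, target user, optional ENV and the command, then renders them
# through `format`.
program     = sudo

# Field separators are written `\s;` rather than " ;", as the other sudo
# patterns in this file already do. Python 2's ConfigParser treats a `;` that
# follows whitespace as the start of an inline comment and would cut the value
# at the first " ;", leaving only the username and tty groups.
# NOTE(review): confirm which parser pvl.syslog.filter uses.
pattern     = ^\s*(?P<username>\S+) : TTY=(?P<tty>\S+)\s; PWD=(?P<pwd>.+?)\s; USER=(?P<target_user>\S+)\s; (?:ENV=(?P<env>.+?)\s; )?COMMAND=(?P<command>.*)

# Placeholders use the group names the active pattern defines (username,
# target_user). The earlier {login}/{user} names are not captured by it.
# {host} is not a pattern group; presumably it comes from the syslog record,
# verify against the filter. With Python str.format, {command!r} renders the
# command via repr(), which escapes control characters in the logged command.
format      = {username}:{tty} - {target_user}@{host}:{pwd} - {command!r}

# Earlier pattern, kept for reference only. It is superseded by the active
# pattern above, and its "(" before COMMAND is unbalanced.
#pattern     = \s*(?P<login>\S+) : TTY=(?P<tty>\S+)\s; PWD=(?P<pwd>.+?)\s; USER=(?P<user>\S+)\s;( COMMAND=(?P<command>.*)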

[puppet_readshadow]
# Narrow sudo rule: login "puppet" running "/usr/bin/getent shadow <name>" as
# root. `format` is empty; presumably this drops the event from the output,
# verify in pvl.syslog.filter.
# NOTE(review): the pattern has no ^ or $ anchors, so whether a longer command
# line that only begins with this text also matches depends on the filter's
# match semantics. A rule that silences events is worth ending with `$`.
# NOTE(review): this rule shares program = sudo with [sudo]; which of the two
# is tried first is not visible here.
program     = sudo
pattern     = \s*(?P<login>puppet) : TTY=(?P<tty>\S+)\s; PWD=(?P<pwd>.+?)\s; USER=(?P<user>root)\s; COMMAND=(?P<command>/usr/bin/getent shadow \w+)
format      = 


[ssh]
# sshd rule: matches "Accepted password for <user> from <ip> port <port> <proto>".
# Only the literal "Accepted password" form is covered. Lines for other
# authentication methods or for failed attempts do not match this pattern.
# NOTE(review): how non-matching sshd lines are handled is not visible here.
program     = sshd
pattern     = \s*Accepted password for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)
# {host} is not a pattern group; presumably taken from the syslog record, verify.
format      = SSH login for {user}@{host} from {ip}

[cron]
# Selects messages by program name only; no pattern or format is set.
# NOTE(review): what the filter does for a rule with only `program` (pass
# through, apply a default format, or drop) is not visible here.
program     = cron

[su_nobody]
# su rule with two alternatives: "Successful su for nobody by root" or the
# literal text "+ ??? root:nobody".
# NOTE(review): no format key is set; confirm what the filter emits, or
# whether it suppresses the event, when a rule matches without one.
program     = su
pattern     = Successful su for nobody by root|\+ \?\?\? root:nobody

[puppet]
# Selects messages by program name only; no pattern or format is set.
# NOTE(review): confirm how the filter treats a rule with only `program`.
program     = puppet