syslog.conf.dist: parse pam service messages, and ignore normal sudo messages
authorTero Marttila <terom@paivola.fi>
Sat, 12 Jan 2013 21:49:14 +0200
changeset 103 34a13d0db4a0
parent 102 87ee46067066
child 105 2b9510d12465
syslog.conf.dist: parse pam service messages, and ignore normal sudo messages
etc/syslog.conf.dist
--- a/etc/syslog.conf.dist	Sat Jan 12 21:48:50 2013 +0200
+++ b/etc/syslog.conf.dist	Sat Jan 12 21:49:14 2013 +0200
@@ -1,4 +1,4 @@
-irk     = irc://syslog@irc-test/test
+#irk     = irc://syslog@irc-test/test
 
 # TODO: implements meta-attrs across rule tree to classify hosts?
 #[tag]
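Review bot: The change on the `irk` line leaves a commented-out value in the shipped default with no explanation of why it is disabled or what the reader is expected to do with it. Since this is the `.dist` file, the line now reads as archaeology rather than as a documented default; a one-line comment above it would make the intent clear, e.g. `# example IRC output target, disabled by default; uncomment and point it at your own server`. The rest of the file's top-level keys are outside this hunk, so whether any other output target remains active by default cannot be seen here.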
@@ -12,6 +12,15 @@
 [auth]
     facility    = auth*
 
+    [[pam]]
+    pattern     = (?P<pam>pam_\w+)\((?P<pam_service>.+?):(?P<pam_type>.+?)\): (?P<msg>.+)
+    
+    # at least debian wheezy's pam_unix syslogs session open/close at LOG_INFO
+    [[[pam-sudo]]]
+    pam_service = sudo
+    severity    = info
+    format      = # ignore
+
     [[sudo]]
     program     = sudo
     pattern     = (?P<login>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<user>\S+) ; (?:ENV=(?P<env>.+?) ; )?COMMAND=(?P<command>.*)
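Review bot: The `[[[pam-sudo]]]` rule keys only on `pam_service = sudo` and `severity = info`, so it silences every pam module and every pam type for the sudo service at that severity, while the comment above it says the intent is pam_unix session open/close; if captured groups other than `pam_service` can be matched (the rule already matches on one), narrowing it with `pam_type = session` would keep the suppression to what the comment describes and leave any info-level message of another type visible. The privilege-use record itself appears to stay reported through the `[[sudo]]` rule below, which captures `USER=` and `COMMAND=`, though how overlapping rules are prioritised is not visible in this hunk. Separately, `format      = # ignore` depends on the parser stripping an inline `#` comment to yield an empty value; writing `format      =` with the explanation on its own full-line comment, as the rest of the file does for comments, states the same thing without relying on that behaviour. The added blank line before the pam-sudo comment also carries trailing spaces.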