diff --git a/logwatch-secure-update.patch b/logwatch-secure-update.patch
index bf3d990..780eb27 100644
--- a/logwatch-secure-update.patch
+++ b/logwatch-secure-update.patch
@@ -1,5 +1,5 @@
---- scripts/services/secure.orig 2012-04-27 10:13:45.400513896 +0200
-+++ scripts/services/secure 2012-05-03 10:46:17.000000000 +0200
+--- scripts/services/secure.orig 2012-04-27 10:13:45.000000000 +0200
++++ scripts/services/secure 2012-05-04 12:44:23.350831876 +0200
 @@ -210,6 +210,7 @@ while (defined($ThisLine = )) {
 ( $ThisLine =~ /^pam_xauth\[\d+\]: call_xauth: child returned \d/) or
 ( $ThisLine =~ /^su\[\d+\]: pam_authenticate: Authentication failure/) or
@@ -8,11 +8,12 @@
 ( $ThisLine =~ /^reboot:/) or
 ( $ThisLine =~ /^sudo:/) or
 ( $ThisLine =~ /^su: pam_unix2: session (started|finished) for user [^ ]+, service [^ ]+/) or
-@@ -262,7 +263,10 @@ while (defined($ThisLine = )) {
+@@ -262,7 +263,11 @@ while (defined($ThisLine = )) {
 ( $ThisLine =~ /(gdm-session-worker|gdm-password)\[\d+\]: gkr-pam: no password is available for user/) or
 ( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
 ( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages
 - ( $ThisLine =~ /gdm-session-worker\[\d+\]: pam_namespace\(gdm:session\): Unmount of [^ ]* failed, Device or resource busy/)
++ ( $ThisLine =~ /groupmod\[\d+\]: group changed in \/etc\/gshadow /) or # Details in other messages
 + ( $ThisLine =~ /gdm-session-worker\[\d+\]: pam_namespace\(gdm:session\): Unmount of [^ ]* failed, Device or resource busy/) or
 + ( $ThisLine =~ /pkexec: pam_systemd(.*): /) or
 + ( $ThisLine =~ /pkexec: \S+: Executing command /) or
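Review bot: The ignore-list entry added here, `/groupmod\[\d+\]: group changed in \/etc\/gshadow /`, is not anchored, so it matches that text at any position in `$ThisLine`, and a matching line is dropped from the report without being counted. Other entries in the same list (`/^reboot:/`, `/^sudo:/`) and the `groupmod` branches this patch adds further down start with `^`; assuming `$ThisLine` begins at the program tag as those suggest, I would write `( $ThisLine =~ /^groupmod\[\d+\]: group changed in \/etc\/gshadow /) or`. The `systemd-logind\[\d+\]: (New|Removed) session` entry in the logwatch-systemd-logind.patch hunk has the same gap and could take `^` and `(?:New|Removed)`. The condition list starts and ends outside this hunk.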
@@ -20,12 +21,13 @@
 ) {
 # Ignore these entries
 } elsif ($ThisLine =~ /^spop3d/ || $ThisLine =~ /^pop\(\w+\)\[\d+\]:/) {
-@@ -378,9 +382,11 @@ while (defined($ThisLine = )) {
+@@ -376,11 +381,11 @@ while (defined($ThisLine = )) {
 $UserLogin{$User}++;
- } elsif ( $ThisLine =~ s/^userdel\[\d+\]: delete user `(.+)'/$1/ ) {
+ } elsif ( ($User,undef) = ($ThisLine =~ /^com.apple.SecurityServer: authinternal authenticated user ([^ ]+) .*/ )) {
+ $UserLogin{$User}++;
+- } elsif ( $ThisLine =~ s/^userdel\[\d+\]: delete user `(.+)'/$1/ ) {
++ } elsif ( $ThisLine =~ s/^userdel\[\d+\]: delete user ['`](.+)'/$1/ ) {
 $DeletedUsers .= " $ThisLine\n";
-+ } elsif ( $ThisLine =~ s/^userdel: delete user '(.+)'/$1/ ) {
-+ $DeletedUsers .= " $ThisLine\n";
 } elsif ( $ThisLine =~ s/^(?:useradd|adduser)\[\d+\]: new user: name=(.+), (?:uid|UID)=(\d+).*$/$1 ($2)/ ) {
 $NewUsers .= " $ThisLine\n";
 - } elsif ( $ThisLine =~ s/^userdel\[\d+\]: remove(?:d)? group `(\S+)'( owned by \S+)?/$1/ ) {
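Review bot: The merged pattern `` s/^userdel\[\d+\]: delete user ['`](.+)'/$1/ `` only matches records that carry a PID, while the separate branch it replaces also caught `userdel: delete user '...'` without one. If both forms still occur on supported systems, those deletions would no longer reach `$DeletedUsers`; making the PID optional keeps both: `` s/^userdel(?:\[\d+\])?: delete user ['`](.+)'/$1/ ``. A one-line comment above the branch saying that the name may be opened by either a backquote or a single quote would explain the character class. The elsif chain starts and continues outside this hunk.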
@@ -33,13 +35,14 @@
 $DeletedGroups .= " $ThisLine\n";
 } elsif ( $ThisLine =~ s/^groupdel\[\d+\]: remove group `(.+)'/$1/ ) {
 $DeletedGroups .= " $ThisLine\n";
-@@ -421,6 +427,9 @@ while (defined($ThisLine = )) {
+@@ -421,6 +426,10 @@ while (defined($ThisLine = )) {
 $XauthMessage{$Message}++;
 } elsif ( ($Group,$NewName) = ($ThisLine =~ /^groupmod\[\d+\]: change group `(.*)' to `(.*)'/)) {
 $GroupRenamed{"$Group -> $NewName"}++;
-+ # } elsif ( ($Group) = ($ThisLine =~ /^groupmod: group changed in \/etc\/group (.*)'/)) {
-+ } elsif ( ($Group) = $ThisLine =~ /^groupmod: group changed in \/etc\/group \(group (\S+)\):.*/) {
-+ $GroupChanged{"$Group"}++;
++ } elsif ( $ThisLine =~ s/^groupmod\[\d+\]: group changed in \/etc\/group \(group (.+)\/(\d+)\).*/$1 ($2)/) {
++ $GroupChanged{"$ThisLine"}++;
++ } elsif ( $ThisLine =~ s/^groupmod\[\d+\]: group changed in \/etc\/group \(group (.+)\/\d+, new name: (.+)\).*/$1 -> $2/) {
++ $GroupChanged{"$ThisLine"}++;
 } elsif ( ($User,$Home,$NewHome) = ($ThisLine =~ /^usermod\[\d+\]: change user `(.*)' home from `(.*)' to `(.*)'/)) {
 $HomeChange{$User}{"$Home -> $NewHome"}++;
 } elsif ( ($User,$From,$To) = ($ThisLine =~ /^usermod\[\d+\]:change user `(.*)' UID from `(.*)' to `(.*)'/)) {
diff --git a/logwatch-systemd-logind.patch b/logwatch-systemd-logind.patch
index 7ff4524..143715f 100644
--- a/logwatch-systemd-logind.patch
+++ b/logwatch-systemd-logind.patch
@@ -6,7 +6,7 @@
 ( $ThisLine =~ /pkexec: \S+: Executing command /) or
 - ( $ThisLine =~ /su: pam_systemd(.*): Failed to parse message: /)
 + ( $ThisLine =~ /su: pam_systemd(.*): Failed to parse message: /) or
-+ ( $ThisLine =~ /systemd-logind: (New|Removed) session/)
++ ( $ThisLine =~ /systemd-logind\[\d+\]: (New|Removed) session/)
 ) {
 # Ignore these entries
 } elsif ($ThisLine =~ /^spop3d/ || $ThisLine =~ /^pop\(\w+\)\[\d+\]:/) {
diff --git a/logwatch.spec b/logwatch.spec
index bebc5b9..5027bc7 100644
--- a/logwatch.spec
+++ b/logwatch.spec
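Review bot: The second added `groupmod` branch records a rename as `old -> new` in `%GroupChanged`, while the existing branch directly above stores the same `"$Group -> $NewName"` shape in `%GroupRenamed`, so renames would be split between two counters depending on which message format the system logs. Unless that is intended, `$GroupRenamed{$ThisLine}++;` in the rename branch keeps them together. In both new patterns the greedy `(.+)` before `\/` could be `([^\/]+)` so the capture stops at the first slash, and `"$ThisLine"` does not need the quotes. Where `%GroupChanged` is declared and printed is outside this hunk.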
@@ -1,7 +1,7 @@ Summary: A log file analysis program Name: logwatch Version: 7.4.0 -Release: 11.20120229svn100%{?dist} +Release: 12.20120229svn100%{?dist} License: MIT Group: Applications/System URL: http://www.logwatch.org/ @@ -153,6 +153,10 @@ echo "# Configuration overrides for specific logfiles/services may be placed her %{_mandir}/man*/* %changelog +* Fri May 04 2012 Jan Synáček - 7.4.0-12.20120425svn100 +- Update secure-update patch +- Update systemd-logind patch + * Fri Apr 27 2012 Jan Synáček - 7.4.0-11.20120425svn100 - Add dovecot-proxy patch (rhbz#812883) - Add secure-update patch (rhbz#809314)