--- logwatch-svn110/scripts/services/pluto	2010-05-01 04:36:08.000000000 +0200
+++ logwatch-svn110-new/scripts/services/pluto	2012-08-29 10:53:35.760260333 +0200
@@ -76,6 +76,12 @@
    $today="$month $day";
 
    next unless ($process =~ /pluto/i);
+   $iserror=0;
+
+   if ($conn eq "ERROR:") {
+      $iserror = 1;
+      ($junk,$conn,$msg)=split(/ +/,$msg,3);
+   }
 
    $loglines{$today}++;
 
@@ -143,7 +149,7 @@
    next if($rest =~ /no suitable connection for peer/);
    next if($rest =~ /sending encrypted notification/);
    next if($rest =~ /enabling possible NAT-traversal with method/);
-   next if($rest =~ /received Vendor ID payload/);
+   next if($rest =~ /(received|ignoring) Vendor ID payload/);
    next if($rest =~ /ignoring unknown Vendor ID payload/);
    next if($rest =~ /Dead Peer Detection \(RFC 3706\): enabled/);
    next if($rest =~ /DPD: No response from peer - declaring peer dead/);
@@ -152,6 +158,21 @@
    next if($rest =~ /discarding packet received during asynchronous work \(DNS or crypto\) in STATE_(MAIN|QUICK)_../);
    next if($rest =~ /STATE_(MAIN|QUICK)_[RI][1-3]: sent [MQ][RI][1-3], expecting [MQ][IR][1-3]/);
    next if($rest =~ /STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2/);
+   next if($rest =~ /down-client output/);
+   next if($rest =~ /(restore|update)resolvconf-client output/);
+   next if($rest =~ /transform .* ignored/);
+   next if($rest =~ /multiple DH groups were set in aggressive mode\./);
+   next if($rest =~ /received mode cfg reply/);
+   next if($rest =~ /modecfg: Sending IP request/);
+   next if($rest =~ /setting .* address to/);
+   next if($rest =~ /STATE_XAUTH_I1: XAUTH client - awaiting CFG_set/);
+   next if($rest =~ /initiating Aggressive Mode/);
+   next if($rest =~ /Aggressive mode peer ID is/);
+   next if($rest =~ /protocol\/port in Phase \d ID Payload must be/);
+   next if($rest =~ /XAUTH: Bad Message: /);
+   next if($rest =~ /XAUTH: Answering XAUTH challenge with user/);
+   next if($rest =~ /Received IP4|DNS|subnet /);
+   next if($rest =~ /sendto on .* to .* failed in delete notify/);
    $relevantlog{"$today"}++;
 
    print STDERR "Rest is $rest\n" if $debug>1;
@@ -224,6 +245,9 @@
       $rekeyfail{$conn}++;
       $rekeyfail_ICMPunreachable{$conn}++;
 
+   } elsif($rest =~ /XAUTH: Successfully Authenticated/) {
+      $xauthsuccess{$conn}++;
+
    } elsif($rest =~ /starting keying attempt (.*) of an unlimited number/) {
       $lastattempt=$1;
       if($maxattempts{$conn} < $lastattempt) {
@@ -272,6 +296,9 @@
       if($setupfail{$conn} > 0) {
          print "\tSetup failures: ".$setupfail{$conn}."\n";
       }
+      if($xauthsuccess{$conn} > 0) {
+         print "\tXAUTH successful connections: ".$xauthsuccess{$conn}."\n";
+      }
       if($crlUpdate{$conn} > 0) {
          print "\tOverdue CRL update since: ".$crlUpdateSince{$conn}." (".$crlUpdate{$conn}." times)\n";
       }