--- logwatch-svn110-dist/scripts/services/secure 2012-09-27 10:01:34.178205179 +0200 +++ logwatch-svn110-new/scripts/services/secure 2012-09-27 10:38:06.128565662 +0200 @@ -198,7 +198,7 @@ #Woody - specific, thanks to Michael Stovenour if ($ThisLine =~ /^PAM_unix[\[\]0-9]*:/i ) { next; } - if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid < 100\" (was|not) met by user /) or + if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid (<|>)=? 1000?\" (was|not) met by user /) or ( $ThisLine =~ /pam_rhosts_auth\[\d+\]: allowed to [^ ]+ as \w+/) or ( $ThisLine =~ /pam_rhosts_auth\([^\)]+\): allowed to [^ ]+ as \w+/) or ( $ThisLine =~ /^(.*)\(pam_unix\)/) or @@ -226,6 +226,8 @@ ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: authentication failure/) or ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: check pass; user unknown/) or ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: session /) or + ( $ThisLine =~ /sshd\[\d+\]: Server listening on/) or + ( $ThisLine =~ /sshd\[\d+\]: Received signal \d+; terminating/) or ( $ThisLine =~ /^ipop3d\[\d+\]:/) or ( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or ( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix @@ -233,6 +235,8 @@ ( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix ( $ThisLine =~ /^login: FAILED LOGIN 2 FROM (.*) FOR .*, (Authentication failure|User not known to the underlying authentication module)/) or ( $ThisLine =~ /^login: pam_securetty(.*): unexpected response from failed conversation function/) or + ( $ThisLine =~ /^login: pam_securetty(.*): access denied: tty '.*' is not secure/) or + ( $ThisLine =~ /^login: pam_securetty(.*): cannot determine username/) or ( $ThisLine =~ /^pam_limits\[\d+\]/ ) or ( $ThisLine =~ /^kcheckpass(\[\d+\]|):/ ) or # done in pam_unix ( $ThisLine =~ /^cyrus\/lmtpd\[\d+\]: [^ ]+ server step [12]/ ) or 
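Review bot: The rewritten `pam_succeed_if` pattern in the hunk at -198 still hard-codes the thresholds 100 and 1000, so a PAM stack configured with any other UID boundary will not match and its lines go to whatever handles unmatched entries. If the intent is to ignore every uid comparison, `requirement \"uid [<>]=? \d+\"` says that directly and avoids the extra capture group that `(<|>)` introduces. The `if ((` alternation continues outside the hunk, so I cannot see whether any capture is read afterwards.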
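Review bot: The two added `sshd\[\d+\]:` patterns in the hunk at -226 are unanchored, unlike the `^sshd\(\w+\)` entries directly above them. This alternation appears to be the list of lines to discard (its body is outside the hunk, so that is inferred). If so, an unanchored entry also matches when the same text occurs later in a line, for instance inside a field copied from remote input, and that line is then left out of the report. I would write `/^sshd\[\d+\]: Server listening on /` and `/^sshd\[\d+\]: Received signal \d+; terminating/`.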
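Review bot: The added `pam_securetty` lines in the hunk at -233 put `access denied: tty '.*' is not secure` into the same alternation as the noise entries, so a refused login on a non-secure tty is presumably dropped rather than reported. The body of the `if` is outside the hunk, so please confirm. A refusal is worth counting: I would match it in its own `elsif` and tally it, as the `$Error{$Service}{$Err}++` branches further down the file do. Separately, `pam_securetty(.*)` uses unescaped parentheses, so it captures any text instead of matching the literal parenthesised tag. `pam_securetty\([^)]*\)` is tighter, though the existing neighbour line has the same form.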
@@ -261,7 +265,8 @@
 ( $ThisLine =~ /polkit-grant-helper\[\d+\]: granted authorization for [^ ]* to session .* \[uid=[0-9]*\]/) or
 ( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or
 ( $ThisLine =~ /polkitd\(authority=.*\): (Unr|R)egistered Authentication Agent/) or
- ( $ThisLine =~ /(gdm-session-worker|gdm-password)\[\d+\]: gkr-pam: no password is available for user/) or
+ ( $ThisLine =~ /polkitd\(authority=.*\): Operator of unix-session:/) or
+ ( $ThisLine =~ /(gdm-session-worker|gdm-password|gnome-screensaver-dialog)\[\d+\]: gkr-pam: no password is available for user/) or
 ( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
 ( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages
 ( $ThisLine =~ /groupmod\[\d+\]: group changed in \/etc\/gshadow /) or # Details in other messages
@@ -360,7 +365,7 @@
 $NoIP->{$ThisLine}++;
 } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+)\[\d+\]: error: (.+)$/) ) {
 $Error{$Service}{$Err}++;
- } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR , .*)$/ ) ) {
+ } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR ([^ ]+)?, .*)$/ ) ) {
 $Error{$Service}{$Err}++;
 } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (password mismatch for [^ ]+ in [^ ]+):.*$/ ) ) {
 $Error{$Service}{$Err}++;
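Review bot: `polkitd\(authority=.*\): Operator of unix-session:` in the hunk at -261 matches on the message prefix only, and as far as I know polkitd uses that prefix for both successful and failed authentications. If this alternation discards its matches (inferred, since the body is outside the hunk), failed privilege requests disappear from the report along with the routine ones. Narrowing the entry to the success form, e.g. `Operator of unix-session:\S+ successfully authenticated`, would keep failures visible. A trailing comment saying which outcome is being ignored would also help.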
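Review bot: The new `([^ ]+)?` in the `FAILED LOGIN SESSION` branch (hunk at -360) adds a third capture to a list assignment that takes only two values. `(?:[^ ]+)?` or simply `[^ ]*` keeps the match without the unused group. `$Err` now also contains the attempted user name, so `%Error` gets one key per name, and that name is text typed at the login prompt that ends up in the report. If per-user counts are not intended, keep the name out of the captured key, or add a comment that the per-user split is deliberate.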