17 lines
1.1 KiB
Diff
17 lines
1.1 KiB
Diff
diff -up logwatch-7.3.6/scripts/services/sudo.pom logwatch-7.3.6/scripts/services/sudo
|
|
--- logwatch-7.3.6/scripts/services/sudo.pom 2006-04-13 01:17:09.000000000 +0200
|
|
+++ logwatch-7.3.6/scripts/services/sudo 2007-10-12 12:20:43.000000000 +0200
|
|
@@ -31,7 +31,11 @@ my $CmdsThresh = $ENV{'command_run_thres
|
|
my ($user, $error, $tty, $dir, $euser, $cmd, $args);
|
|
|
|
while (defined(my $ThisLine = <STDIN>)) {
|
|
- if ( ($user, $error, $tty, $dir, $euser, $cmd, $args) = $ThisLine =~ m/^\s*(\w+) : (.*; )?TTY=(\S+) ; PWD=(.*?) ; USER=(\S+) ; COMMAND=(\S+)( ?.*)/) {
|
|
+ if ($ThisLine =~ /pam_unix\(sudo:auth\): authentication failure; logname=\S* uid=[0-9]* euid=[0-9]* tty=\S* ruser=\S* rhost=\S* user=\S*/)
|
|
+ # this log is parsed in pam_unix section
|
|
+ {
|
|
+ # Ignore
|
|
+ }elsif ( ($user, $error, $tty, $dir, $euser, $cmd, $args) = $ThisLine =~ m/^\s*(\w+) : (.*; )?TTY=(\S+) ; PWD=(.*?) ; USER=(\S+) ; COMMAND=(\S+)( ?.*)/) {
|
|
push @{$byUser{$user}{$euser}}, [$error . $cmd,$args, $dir, $tty];
|
|
$byUserSum{$user}{$euser}{$cmd} += 1;
|
|
} elsif ( ($user,$euser) = $ThisLine =~ /^\s*(\w+) : no passwd entry for (\w+)\!$/) {
|