From ae37e39e2ccfac4f25624a62e5f82e963a4f18a4 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Sun, 22 Feb 2004 10:07:38 +0000
Subject: Ignore su with ':' as delimiter.
---
 logcheck/violations.ignore.d/local | 2 ++
 logcheck/violations.ignore.d/su | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 logcheck/violations.ignore.d/su
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 4c5957a..463d983 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -71,6 +71,8 @@ smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by
 ### violations.ignore.d/ssh
 sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
 ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+ user=[^[:space:]]+$
+### violations.ignore.d/su
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[[:alnum:]-]+ ?$
 ### violations.ignore.d/temp
 (imap|netatalk|pop|samba)\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]* user=[[:alnum:]]+$
 afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied
diff --git a/logcheck/violations.ignore.d/su b/logcheck/violations.ignore.d/su
new file mode 100644
index 0000000..3bf3525
--- /dev/null
+++ b/logcheck/violations.ignore.d/su
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[[:alnum:]-]+ ?$
-- 
cgit v1.2.3
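Review bot: The added pattern ends in `root:[[:alnum:]-]+ ?$`, so it matches a successful (`+`) su from root with no tty (`???`) to any account at all, and the identical line is added again as the only content of the new `violations.ignore.d/su`. A match under violations.ignore.d takes the line out of the security-events part of the report, so I would narrow the target to the accounts that are expected to produce this message, for example `root:(<service-account-1>|<service-account-2>) ?$` (placeholders for the real names), leaving a root-to-user su for any other account reported. A comment above the rule would also help the next reader, e.g. `# su by root without a tty, ':' delimiter variant; emitted by <job name>`, assuming '#' lines are skipped as the existing `###` section headers in `local` suggest. With the rule kept in both `local` and `su`, the two copies need to be edited together or they will drift.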