From a06e7dc6cb5989e9017792bfb9cff8015cc521ad Mon Sep 17 00:00:00 2001
From: Hendrik Jaeger <root@netwichtig.de>
Date: Sat, 5 Oct 2019 12:02:41 +0200
Subject: Update logcheck rules for ssh

---
 files/etc/logcheck/ignore.d.server/local-ssh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh
index 87cfcbf..b3d7e26 100644
--- a/files/etc/logcheck/ignore.d.server/local-ssh
+++ b/files/etc/logcheck/ignore.d.server/local-ssh
@@ -9,7 +9,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from ([:[:xdigit:].]+|UNKNOWN)+ port [[:digit:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+ \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from user [[:alnum:]]+ [:[:xdigit:].]+ port [[:digit:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (authenticating|invalid) user [[:alnum:][:punct:]]* [:[:xdigit:].]+ port [[:digit:]]+ \[preauth\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (authenticating|invalid) user [[:alnum:][:punct:][:space:]]* [:[:xdigit:].]+ port [[:digit:]]+ \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: bad client public DH value \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Change of username or service not allowed: \([^,]*,ssh-connection\) -> \([^,]*,[^)]+\)? \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting (authenticating|invalid) user [[:alnum:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+: Change of username or service not allowed: \([^,]*,ssh-connection\) -> \([^,]*,[^)]+\)? \[preauth\]$
-- 
cgit v1.2.3