23 Sep
2010
23 Sep
'10
1:11 p.m.
Hello, While checking my logs with pdbtool, I ran into this log message: Sep 23 13:10:03 linux-6y8u sshd[21420]: error: PAM: Authentication failure for root from 192.168.2.52 The attached rule seems to find it correctly: HOST=linux-6y8u MESSAGE=error: PAM: Authentication failure for root from 192.168.2.52 PROGRAM=sshd PID=21420 LEGACY_MSGHDR=sshd[21420]: .classifier.class=system .classifier.rule_id=55ec76e0-c709-11df-b62d-000c298c9ba2 usracct.username=root usracct.device=192.168.2.52 usracct.type=login usracct.sessionid=21420 usracct.application=sshd secevt.verdict=REJECT Bye, -- Peter Czanik (CzP) <czanik@balabit.hu> BalaBit IT Security / syslog-ng upstream http://czanik.blogs.balabit.com/