I can confirm what the original bug submitter reported, without the three specified, dsyslog wont log properly ssh authentication failures.
Worse is that nothing is logged if you have the filter regexp
specified. When I have the following:
filter regexp {
message
"(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}";
replace "0.0.0.0";
};
output file { path "/var/log/auth.log"; condition literal { facility auth; }; };
output file { path "/var/log/auth.log"; condition literal { facility authpriv;
}; };
output file { path "/var/log/auth.log"; condition literal { program sshd; }; };
I do not get any ssh login failures logged at all. If I comment out the
filter, they will get logged.
micah
--
pgpaRnAbWxtfN.pgp
Description: PGP signature
