Karmic has the following rules in violations.ignore.d/logcheck-sudo:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\):
session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\):
sessi
okay, that was a little hasty. I now think I understand a little
better. The above filters are present to ensure that every sudo event
is handled at the violations layer and not below that.
So, instead of changing these lines, can I suggest we add an extra entry
to /etc/logcheck/violations.igno
