diff -up logwatch-7.3.6/scripts/services/pam_unix.pom logwatch-7.3.6/scripts/services/pam_unix
--- logwatch-7.3.6/scripts/services/pam_unix.pom 2009-10-12 14:55:08.000000000 +0200
+++ logwatch-7.3.6/scripts/services/pam_unix 2009-10-12 15:06:46.000000000 +0200
@@ -204,6 +204,8 @@ while ($line = <STDIN>) {
 } elsif ($service eq 'dovecot') {
 if ($line =~ s/^authentication failure; .*user=(.+)$/$1/) {
 $data{$service}{'Authentication Failures'}{$line}++;
+ } elsif ($line =~ /check pass; user unknown/) {
+ $data{$service}{'Invalid Users'}{'Unknown Account'}++;
 } else {
 $data{$service}{'Unknown Entries'}{$line}++;
 }
@@ -225,11 +227,13 @@ while ($line = <STDIN>) {
 } else {
 $data{$service}{'Unknown Entries'}{$line}++;
 }
- } elsif ($service eq 'pure-ftpd') {
+ } elsif (($service eq 'pure-ftpd') || ($service eq 'vsftpd')){
 if ($line =~ s/^session opened for user (.+)/$1/) {
 $data{$service}{'Sessions Opened'}{$line}++;
 } elsif ($line =~ s/^check pass; (.+)/$1/) {
 $data{$service}{'Password Failures'}{$line}++;
+ } elsif ($line =~ s/^authentication failure; .*user=(.+)$/$1/) {
+ $data{$service}{'Authentication Failures'}{$line}++;
 } else {
 $data{$service}{'Unknown Entries'}{$line}++;
 }
@@ -255,7 +259,7 @@ while ($line = <STDIN>) {
 $data{$service}{'Unknown Entries'}{$line}++;
 }
 } elsif (($service eq 'samba') or ($service eq 'smbd')) {
- if ($line =~ s/^session opened for user ([a-zA-Z\d]+) by (.+)/$1/) {
+ if ($line =~ s/^session opened for user (\S+) by (.+)/$1/) {
 ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
 } elsif ($line =~ s/^session closed for user (.+)/$1/) {
 ($Detail >= 8) && $data{$service}{'Sessions Closed'}{$line}++;
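Review bot: The new dovecot test `/check pass; user unknown/` is unanchored, unlike the `^`-anchored patterns in the neighbouring branches. Any line that merely contains that text, for example inside a field the client controls, is counted as an invalid user instead of landing in `Unknown Entries`. Anchoring it as `/^check pass; user unknown/` keeps the match on the PAM message itself. The same unanchored test is added in the smtp branch of the last hunk (-297) and needs the same change. The enclosing `while` loop starts and ends outside this hunk.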
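Review bot: In the pure-ftpd/vsftpd branch (hunk at -225), a `check pass; user unknown` line is still caught by the existing `^check pass; (.+)` test and reported under `Password Failures`. The dovecot and smtp branches added by this same patch report that message under `Invalid Users` / `Unknown Account`, so probes for non-existent accounts are classified differently per service. For consistency, put `} elsif ($line =~ /^check pass; user unknown/) {` with `$data{$service}{'Invalid Users'}{'Unknown Account'}++;` ahead of the generic `check pass` branch. Separately, the added `.*user=(.+)$` is greedy and keeps everything after the last `user=`; if that field is supplied by the client, `(\S+)` would bound what reaches the report. The condition is also written `||` with no space before `{`, where the samba branch uses `or`. The enclosing `while` loop lies outside the hunk.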
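Review bot: In the samba/smbd branch (hunk at -255), `(\S+)` now admits every non-whitespace byte into the `Sessions Opened` key, where the old class allowed only letters and digits. Nothing in the patch records which account names motivated the widening. If the aim is names with punctuation or a domain prefix (an assumption to confirm), a short comment should say so. Using `([^\s[:cntrl:]]+)` instead would keep control characters out of the report key. The second group `(.+)` is captured but never used, so plain `.+` would do. The branch continues past the end of the hunk.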
@@ -297,7 +301,16 @@ while ($line = <STDIN>) {
 } else {
 $data{$service}{'Unknown Entries'}{$line}++;
 }
-
+ } elsif ($service eq 'smtp') {
+ if ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+).*user=(\S*)$/$1($2) -> $3/) {
+ $data{$service}{'Authentication Failures'}{$line}++;
+ } elsif ($line =~ /authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=/) {
+ # ignore this line
+ } elsif ($line =~ /check pass; user unknown/) {
+ $data{$service}{'Invalid Users'}{'Unknown Account'}++;
+ } else {
+ $data{$service}{'Unknown Entries'}{$line}++;
+ }
 } else {
 $data{$service}{'Unknown Entries'}{$line}++;
 }
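Review bot: The smtp ignore branch matches `/authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=/` with no anchor at either end, so it also discards a failure whose `rhost=` is populated but which has no trailing `user=` field. Whether PAM emits such a line for this service is not visible here, but if it does, the record vanishes from the report without a count. Anchoring it as `/^authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=\s*$/` limits the discard to the empty record. The comment `# ignore this line` should also say why that record is noise. The first smtp pattern drops the `rhost` value it skips over, which is the field a reader would want when triaging password guessing. The enclosing `while` loop starts and ends outside the hunk.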