Can someone provide a regex that handles this line in /var/log/secure? I tried a couple of things, and don't seem to get it, even trying to copy and adapt one that's already there. Here's the line:
Nov 11 13:00:01 boston systemd[2322963]: pam_unix(systemd-user:session): session opened for user root(uid=0) by root(uid=0)
I'm getting these in LFD Log Scanner reports.
Need some help with a log regex
Re: Need some help with a log regex
What are you looking for the REGEX to do with that info?
Sergio
Re: Need some help with a log regex
I think we got it solved. Basically, since those messages are being generated from Cron jobs, my goal was to filter them out of the (secure) log file, without removing them from the log itself.
Here's the regex we came up with, which seems to be working:
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd\[[[:digit:]]+\]: pam_unix\(systemd-user:session\): session opened for user root\(uid=0\) by root\(uid=0\)
I also created one for mailman, since we're not using it on this server.
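Added example (not part of the thread and not csf/LFD code): a shell check that runs the posted pattern against the line from the first post plus a few constructed lines, to confirm it filters only the root-by-root systemd-user session message. It assumes `perl` or a GNU `grep` built with `-P` is available; `is_filtered` and the variable names are hypothetical.

```shell
#!/bin/sh
# Pattern exactly as posted in the thread; single quotes keep the shell from touching it.
PATTERN='^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd\[[[:digit:]]+\]: pam_unix\(systemd-user:session\): session opened for user root\(uid=0\) by root\(uid=0\)'

# Line from the original post: expected to be filtered.
CRON_LINE='Nov 11 13:00:01 boston systemd[2322963]: pam_unix(systemd-user:session): session opened for user root(uid=0) by root(uid=0)'
# Everything below is constructed sample input, not taken from a real log.
# Same message with a single-token ISO timestamp (first alternative of the group).
ISO_LINE='2024-11-11T13:00:01+00:00 boston systemd[2322963]: pam_unix(systemd-user:session): session opened for user root(uid=0) by root(uid=0)'
# Root session opened by a different account: must stay in the report.
OTHER_USER_LINE='Nov 11 13:05:12 boston systemd[2323001]: pam_unix(systemd-user:session): session opened for user root(uid=0) by alice(uid=1000)'
# Different daemon and PAM service: must stay in the report.
SSHD_LINE='Nov 11 13:06:40 boston sshd[2323050]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)'
# Hostname containing dots: [^\s\.]+ cannot span it, so this line is NOT filtered.
FQDN_LINE='Nov 11 13:00:01 boston.example.com systemd[2322963]: pam_unix(systemd-user:session): session opened for user root(uid=0) by root(uid=0)'

# Return 0 when the line matches PATTERN (it would be filtered), 1 otherwise.
# Prefers perl's regex engine; falls back to grep's PCRE mode.
is_filtered() {
    if command -v perl >/dev/null 2>&1; then
        printf '%s\n' "$1" | PATTERN="$PATTERN" perl -ne 'exit(/$ENV{PATTERN}/ ? 0 : 1)'
    else
        printf '%s\n' "$1" | grep -qP -- "$PATTERN"
    fi
}

for line in "$CRON_LINE" "$ISO_LINE" "$OTHER_USER_LINE" "$SSHD_LINE" "$FQDN_LINE"; do
    if is_filtered "$line"; then
        echo "FILTERED: $line"
    else
        echo "REPORTED: $line"
    fi
done
```

If the server logs its fully qualified hostname, the `[^\s\.]+` host token would need adjusting before this pattern filters anything.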