--- logwatch-7.3.4/scripts/services/pam_unix.pom	2006-12-20 16:46:45.000000000 +0100
+++ logwatch-7.3.4/scripts/services/pam_unix	2007-03-08 14:55:17.000000000 +0100
@@ -1,17 +1,8 @@
 use strict;
 ##########################################################################
-# $Id: pam_unix,v 1.29 2006/12/20 15:46:45 bjorn Exp $
+# $Id: pam_unix,v 1.26 2006/01/20 22:31:04 bjorn Exp $
 ##########################################################################
 # $Log: pam_unix,v $
-# Revision 1.29  2006/12/20 15:46:45  bjorn
-# Additional filtering by Ivana Varekova.
-#
-# Revision 1.28  2006/10/20 16:41:38  bjorn
-# Resolve uids, and better capture of authentication failure, by Willi Mann.
-#
-# Revision 1.27  2006/09/15 15:40:58  bjorn
-# Additional filtering by Ivana Varekova.
-#
 # Revision 1.26  2006/01/20 22:31:04  bjorn
 # Handle new pam_unix format, by Ivana Varekova.
 #
@@ -152,18 +143,13 @@
          $data{$service}{'Unknown Entries'}{$line}++;
       }
    } elsif (($service eq 'su') or ($service eq 'sudo') or ($service eq 'su-l')) {
-      if ( my ($logname, $uid, $ruser, $user) = ($line =~ /^authentication failure; logname=(\S*)\s+uid=(\d+) (?:.*ruser=(\S*)\s+)?.*user=(\S*)$/)) {
-         $line = ($logname or $ruser)."($uid) -> $user";
+      if ($line =~ s/^authentication failure; logname=(.*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
          $data{$service}{'Authentication Failures'}{$line}++;
       } elsif ($line =~ /session closed for user/) {
          # ignore this line
-      } elsif (my ($nam, $byid) = ($line =~ /session opened for user (.+) by (.+)$/)) {
-         #resolve uid to name if possible
-         $byid =~ s/\(uid=(\d+)\)/$1/;
-         my $onam = getpwuid($byid) or $byid;
-         $data{$service}{'Sessions Opened'}{"$onam -> $nam"}++;
-      } elsif ($line =~ /^account root has password changed in future/) {
-         #I'm not sure whether this info could not be reported
+      } elsif ($line =~ s/session opened for user (.+) by (.+)$/$2 -> $1/) {
+         $data{$service}{'Sessions Opened'}{$line}++;
+      } elsif ($line =~ /account (.+) has password changed in future/) {
       } else {
          $data{$service}{'Unknown Entries'}{$line}++;
       }
@@ -244,13 +230,12 @@
       if ($line =~ s/^authentication failure; .*uid=(\d+) euid=(\d+) tty=(.+) ruser= rhost=  user=(.+)$/$4($1,$2) on display $3/) {
          $data{$service}{'Authentication Failures'}{$line}++;
       }
-   } elsif ($service =~ /^(f)?crond?$/ ) {
+   } elsif ($service =~ /^crond?$/ ) {
 	   if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
 		   ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
 	   } elsif ($line =~ /session closed for user/) {
 		   # ignore this line
-	   } elsif ($line =~ /^account root has password changed in future/) {
-	          #I'm not sure whether this info could not be reported
+	   } elsif ($line =~ /account (.+) has password changed in future/) {
 	   } else {
 		   $data{$service}{'Unknown Entries'}{$line}++;
 	   }
@@ -270,25 +255,24 @@
       } else {
          $data{$service}{'Unknown Entries'}{$line}++;
       }
-   } elsif ($service eq 'runuser') {
-     if ($line =~/^session (opened)?(\/)?(closed)? for user [a-zA-Z\d]+/) {
-     } else {
-         $data{$service}{'Unknown Entries'}{$line}++;
-     }
    } elsif ($service eq 'atd') {
-     if ($line =~/^session (opened)?(\/)?(closed)? for user [a-zA-Z\d]+/) {
-     } elsif ($line =~ /^account root has password changed in future/) { 
-       #I'm not sure whether this info could not be reported
-     } else {
-         $data{$service}{'Unknown Entries'}{$line}++;
-     }
-   } elsif ($service eq 'system-config-date') {
-     if ($line =~ s/auth could not identify password for \[(.*)\]/$1/) {
-         $data{$service}{'Not Identify Password For'}{$line}++;
-     } else {
+      if ($line =~ s/^session opened for user (.+)/$1/) {
+         $data{$service}{'Sessions Opened'}{$line}++;
+      } elsif ($line =~ s/^session closed for user (.+)/$1/) {
+         $data{$service}{'Password Failures'}{$line}++;
+      } elsif ($line =~ /account (.+) has password changed in future/) {
+      } else {
          $data{$service}{'Unknown Entries'}{$line}++;
-     }
-   } else {      
+      }                                         
+   } elsif ($service eq 'runuser') {
+      if ($line =~ s/^session opened for user (.+)/$1/) {
+         $data{$service}{'Sessions Opened'}{$line}++;
+      } elsif ($line =~ s/^session closed for user (.+)/$1/) {
+         $data{$service}{'Password Failures'}{$line}++;
+      } else {
+           $data{$service}{'Unknown Entries'}{$line}++;                                                            
+      }
+   } else {
       $data{$service}{'Unknown Entries'}{$line}++;
    }
 }