Index: head/security/logcheck/Makefile
===================================================================
--- head/security/logcheck/Makefile	(revision 564642)
+++ head/security/logcheck/Makefile	(revision 564643)
@@ -1,105 +1,102 @@
 # Created by: Dan Langille <dan@freebsddiary.org>
 # $FreeBSD$
 
 PORTNAME=	logcheck
-PORTVERSION=	1.3.20
-PORTREVISION=	1
+PORTVERSION=	1.3.22
 CATEGORIES=	security
 MASTER_SITES=	DEBIAN_POOL
 DISTNAME=	${PORTNAME}_${PORTVERSION}
 
 MAINTAINER=	yasu@utahime.org
 COMMENT=	Auditing tool for system logs on Unix boxes
 
 LICENSE=	GPLv2+
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 BUILD_DEPENDS=	docbook-to-man>0:textproc/docbook-to-man
 RUN_DEPENDS=	mime-construct:mail/mime-construct \
 		lockfile-create:sysutils/lockfile-progs \
 		bash:shells/bash
 
 # Enable Perl dependency for logtail script
 USES=		perl5 shebangfix tar:xz
 
 LOGCHECK_USER=	logcheck
 LOGCHECK_GROUP=	${LOGCHECK_USER}
 USERS=		${LOGCHECK_USER}
 GROUPS=		${LOGCHECK_GROUP}
 
 BASEDIR?=	# None. portlint compliance
 DBDIR=		${BASEDIR}/var/db/${PORTNAME}
 RUNDIR=		${BASEDIR}/var/run/${PORTNAME}
 
 OPTIONS_DEFINE=	CRON DOCS EXAMPLES
 CRON_DESC=	Install cron script automatically
-.if !defined(BATCH)
 OPTIONS_DEFAULT=CRON
-.endif
 
 WRKSRC=		${WRKDIR}/${PORTNAME}
 BINMODE=	755
 SUB_LIST+=	LOGCHECK_USER=${LOGCHECK_USER} \
 		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
 		DBDIR=${DBDIR} CRON=${PORT_OPTIONS:MCRON}
 SUB_FILES=	pkg-install pkg-deinstall pkg-message
 PLIST_SUB+=	LOGCHECK_USER=${LOGCHECK_USER} \
 		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
 		DBDIR=${DBDIR} RUNDIR=${RUNDIR}
 SHEBANG_FILES=	src/logcheck src/logtail src/logtail2 src/detectrotate/*.dtr
 CONFIG_DIRS=	cracking.d ignore.d.paranoid ignore.d.server \
 		ignore.d.workstation violations.d violations.ignore.d
 DOCS=		AUTHORS CHANGES CREDITS TODO docs/README*
 PORTDOCS=	${DOCS:T}
 MAN1_FILES=	logcheck-test.1
 MAN8_FILES=	logcheck.8 logtail.8 logtail2.8
 REINPLACE_FILES=	debian/logcheck.cron.d docs/logcheck.sgml \
 			docs/logtail2.8 docs/README.logcheck \
 			docs/README.logcheck-database docs/README.logtail \
 			etc/logcheck.conf src/logcheck src/logtail2
 
 .include <bsd.port.pre.mk>
 
 do-build:
 .for file in ${REINPLACE_FILES}
 	${REINPLACE_CMD} ${_SUB_LIST_TEMP} ${WRKSRC}/${file}
 .endfor
 	docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8
 	${FIND} ${WRKSRC} -type f \( -name \*.orig -o -name \*.bak \) -delete
 
 do-install:
 	@${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \
 		  ${STAGEDIR}${DBDIR} \
 		  ${STAGEDIR}${DOCSDIR} \
 		  ${STAGEDIR}${ETCDIR} \
 		  ${STAGEDIR}${EXAMPLESDIR} \
 		  ${STAGEDIR}${RUNDIR}
 	${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck-test ${STAGEDIR}${PREFIX}/bin
 	${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck ${STAGEDIR}${PREFIX}/sbin
 	${INSTALL_SCRIPT} ${WRKSRC}/src/logtail ${STAGEDIR}${PREFIX}/sbin
 	${INSTALL_SCRIPT} ${WRKSRC}/src/logtail2 ${STAGEDIR}${PREFIX}/sbin
 	${INSTALL_DATA} ${WRKSRC}/etc/logcheck.conf \
 		${STAGEDIR}${ETCDIR}/logcheck.conf.sample
 	${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles \
 		${STAGEDIR}${ETCDIR}/logcheck.logfiles.sample
 .for i in ${CONFIG_DIRS}
 	@${MKDIR} ${STAGEDIR}${ETCDIR}/${i}
 	${INSTALL_DATA} ${WRKSRC}/rulefiles/linux/${i}/* \
 		${STAGEDIR}${ETCDIR}/${i}
 .endfor
 	${INSTALL_DATA} ${WRKSRC}/src/detectrotate/*.dtr \
 		${STAGEDIR}${DATADIR}/detectrotate
 	${INSTALL_DATA} ${WRKSRC}/debian/logcheck.cron.d \
 		${STAGEDIR}${EXAMPLESDIR}/crontab.in
 	@${ECHO_CMD} '@exec ${CHGRP} -R ${LOGCHECK_GROUP} \
 		${ETCDIR:S|^${PREFIX}/|%D/|} \
 		${DATADIR:S|^${PREFIX}/|%D/|}' >> ${TMPPLIST}
 .for i in ${MAN1_FILES}
 	${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN1PREFIX}/man/man1
 .endfor
 .for i in ${MAN8_FILES}
 	${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN8PREFIX}/man/man8
 .endfor
 	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR}
 
 .include <bsd.port.post.mk>
Index: head/security/logcheck/distinfo
===================================================================
--- head/security/logcheck/distinfo	(revision 564642)
+++ head/security/logcheck/distinfo	(revision 564643)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1551524817
-SHA256 (logcheck_1.3.20.tar.xz) = 9fb6d02b933470d0b1d1efb54ea186e0d0d27336f9d146be592f65ce60dfb3e6
-SIZE (logcheck_1.3.20.tar.xz) = 132004
+TIMESTAMP = 1612336082
+SHA256 (logcheck_1.3.22.tar.xz) = 7bb5de44d945b1ec6556c90ad8e9cb4e6355fc44b6c5653effe00495ec55e84e
+SIZE (logcheck_1.3.22.tar.xz) = 133456
Index: head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh
===================================================================
--- head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh	(revision 564642)
+++ head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh	(revision 564643)
@@ -1,22 +1,11 @@
---- rulefiles/linux/ignore.d.server/ssh.orig	2019-03-01 22:27:31 UTC
+--- rulefiles/linux/ignore.d.server/ssh.orig	2021-01-28 19:50:10 UTC
 +++ rulefiles/linux/ignore.d.server/ssh
 @@ -14,7 +14,7 @@
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$
+ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]{1,5}( (ssh|ssh2)( \[preauth\])?)?$
  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+(: | port [[:digit:]]+:)11: (disconnected by user|Closed due to user request\.)$
+ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+(: | port [[:digit:]]{1,5}:)11: (disconnected by user|Closed due to user request\.|Bye Bye \[preauth\])$
 -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,256} \[preauth\]$
 +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,255} \[preauth\]$
  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+$
-@@ -27,8 +27,8 @@
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$
--^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for( illegal user)? [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
--^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
-+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: authentication error for( illegal user)? [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
-+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: unknown user for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: ssh_msg_send: write$
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Timeout before authentication for [:[:alnum:].]+$
- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: (Connection (timed out|reset by peer)|Broken pipe)$
+ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from( (invalid|authenticating))?( user [^[:space:]]+)? [:[:xdigit:].]+ port [[:digit:]]{1,5}( \[preauth\])?$
Index: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo
===================================================================
--- head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo	(revision 564642)
+++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo	(revision 564643)
@@ -1,11 +1,11 @@
---- rulefiles/linux/ignore.d.server/sudo.orig	2018-05-30 21:59:13 UTC
+--- rulefiles/linux/ignore.d.server/sudo.orig	2021-01-30 08:46:14 UTC
 +++ rulefiles/linux/ignore.d.server/sudo
 @@ -1,4 +1,4 @@
 -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
--^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+(\(uid=[[:digit:]]+\))? by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
 -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
 -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
 +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
-+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+(\(uid=[[:digit:]]+\))? by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
 +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
 +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
Index: head/security/logcheck/pkg-plist
===================================================================
--- head/security/logcheck/pkg-plist	(revision 564642)
+++ head/security/logcheck/pkg-plist	(revision 564643)
@@ -1,207 +1,208 @@
 @mode 640
 %%DATADIR%%/detectrotate/10-savelog.dtr
 %%DATADIR%%/detectrotate/20-logrotate.dtr
 %%DATADIR%%/detectrotate/30-logrotate-dateext.dtr
 %%ETCDIR%%/cracking.d/kernel
 %%ETCDIR%%/cracking.d/rlogind
 %%ETCDIR%%/cracking.d/rsh
 %%ETCDIR%%/cracking.d/smartd
 %%ETCDIR%%/cracking.d/tftpd
 %%ETCDIR%%/cracking.d/uucico
 %%ETCDIR%%/ignore.d.paranoid/bind
 %%ETCDIR%%/ignore.d.paranoid/cron
 %%ETCDIR%%/ignore.d.paranoid/incron
 %%ETCDIR%%/ignore.d.paranoid/logcheck
 %%ETCDIR%%/ignore.d.paranoid/postfix
 %%ETCDIR%%/ignore.d.paranoid/ppp
 %%ETCDIR%%/ignore.d.paranoid/pureftp
 %%ETCDIR%%/ignore.d.paranoid/qpopper
 %%ETCDIR%%/ignore.d.paranoid/squid
 %%ETCDIR%%/ignore.d.paranoid/ssh
 %%ETCDIR%%/ignore.d.paranoid/stunnel
 %%ETCDIR%%/ignore.d.paranoid/sysklogd
 %%ETCDIR%%/ignore.d.paranoid/telnetd
 %%ETCDIR%%/ignore.d.paranoid/tripwire
 %%ETCDIR%%/ignore.d.paranoid/usb
 %%ETCDIR%%/ignore.d.server/acpid
 %%ETCDIR%%/ignore.d.server/amandad
 %%ETCDIR%%/ignore.d.server/amavisd-new
 %%ETCDIR%%/ignore.d.server/anacron
 %%ETCDIR%%/ignore.d.server/anon-proxy
 %%ETCDIR%%/ignore.d.server/apache
 %%ETCDIR%%/ignore.d.server/apcupsd
 %%ETCDIR%%/ignore.d.server/arpwatch
 %%ETCDIR%%/ignore.d.server/asterisk
 %%ETCDIR%%/ignore.d.server/automount
 %%ETCDIR%%/ignore.d.server/bind
 %%ETCDIR%%/ignore.d.server/bluez-utils
 %%ETCDIR%%/ignore.d.server/courier
 %%ETCDIR%%/ignore.d.server/cpqarrayd
 %%ETCDIR%%/ignore.d.server/cpufreqd
 %%ETCDIR%%/ignore.d.server/cron
 %%ETCDIR%%/ignore.d.server/cron-apt
 %%ETCDIR%%/ignore.d.server/cups-lpd
 %%ETCDIR%%/ignore.d.server/cvs-pserver
 %%ETCDIR%%/ignore.d.server/cvsd
 %%ETCDIR%%/ignore.d.server/cyrus
 %%ETCDIR%%/ignore.d.server/dcc
 %%ETCDIR%%/ignore.d.server/ddclient
 %%ETCDIR%%/ignore.d.server/dhclient
 %%ETCDIR%%/ignore.d.server/dhcp
 %%ETCDIR%%/ignore.d.server/dictd
 %%ETCDIR%%/ignore.d.server/dkfilter
 %%ETCDIR%%/ignore.d.server/dnsmasq
 %%ETCDIR%%/ignore.d.server/dovecot
 %%ETCDIR%%/ignore.d.server/dropbear
 %%ETCDIR%%/ignore.d.server/dspam
 %%ETCDIR%%/ignore.d.server/epmd
 %%ETCDIR%%/ignore.d.server/exim4
 %%ETCDIR%%/ignore.d.server/fcron
 %%ETCDIR%%/ignore.d.server/ftpd
 %%ETCDIR%%/ignore.d.server/git-daemon
 %%ETCDIR%%/ignore.d.server/gnu-imap4d
 %%ETCDIR%%/ignore.d.server/gps
 %%ETCDIR%%/ignore.d.server/grinch
 %%ETCDIR%%/ignore.d.server/horde3
 %%ETCDIR%%/ignore.d.server/hplip
 %%ETCDIR%%/ignore.d.server/hylafax
 %%ETCDIR%%/ignore.d.server/ikiwiki
 %%ETCDIR%%/ignore.d.server/imap
 %%ETCDIR%%/ignore.d.server/imapproxy
 %%ETCDIR%%/ignore.d.server/imp
 %%ETCDIR%%/ignore.d.server/imp4
 %%ETCDIR%%/ignore.d.server/innd
 %%ETCDIR%%/ignore.d.server/ipppd
 %%ETCDIR%%/ignore.d.server/isdnlog
 %%ETCDIR%%/ignore.d.server/isdnutils
 %%ETCDIR%%/ignore.d.server/jabberd
 %%ETCDIR%%/ignore.d.server/kernel
 %%ETCDIR%%/ignore.d.server/klogind
 %%ETCDIR%%/ignore.d.server/krb5-kdc
 %%ETCDIR%%/ignore.d.server/libpam-krb5
 %%ETCDIR%%/ignore.d.server/libpam-mount
 %%ETCDIR%%/ignore.d.server/logcheck
 %%ETCDIR%%/ignore.d.server/login
 %%ETCDIR%%/ignore.d.server/maradns
 %%ETCDIR%%/ignore.d.server/mldonkey-server
 %%ETCDIR%%/ignore.d.server/mon
 %%ETCDIR%%/ignore.d.server/mountd
 %%ETCDIR%%/ignore.d.server/nagios
 %%ETCDIR%%/ignore.d.server/netconsole
 %%ETCDIR%%/ignore.d.server/nfs
 %%ETCDIR%%/ignore.d.server/nntpcache
 %%ETCDIR%%/ignore.d.server/nscd
 %%ETCDIR%%/ignore.d.server/nslcd
 %%ETCDIR%%/ignore.d.server/openvpn
 %%ETCDIR%%/ignore.d.server/otrs
 %%ETCDIR%%/ignore.d.server/passwd
 %%ETCDIR%%/ignore.d.server/pdns
 %%ETCDIR%%/ignore.d.server/perdition
 %%ETCDIR%%/ignore.d.server/policyd
 %%ETCDIR%%/ignore.d.server/popa3d
 %%ETCDIR%%/ignore.d.server/postfix
 %%ETCDIR%%/ignore.d.server/postfix-policyd
 %%ETCDIR%%/ignore.d.server/ppp
 %%ETCDIR%%/ignore.d.server/pptpd
 %%ETCDIR%%/ignore.d.server/procmail
 %%ETCDIR%%/ignore.d.server/proftpd
 %%ETCDIR%%/ignore.d.server/pure-ftpd
 %%ETCDIR%%/ignore.d.server/pureftp
 %%ETCDIR%%/ignore.d.server/qpopper
 %%ETCDIR%%/ignore.d.server/rbldnsd
 %%ETCDIR%%/ignore.d.server/rpc_statd
 %%ETCDIR%%/ignore.d.server/rsnapshot
 %%ETCDIR%%/ignore.d.server/rsync
 %%ETCDIR%%/ignore.d.server/sa-exim
 %%ETCDIR%%/ignore.d.server/samba
 %%ETCDIR%%/ignore.d.server/saned
 %%ETCDIR%%/ignore.d.server/sasl2-bin
 %%ETCDIR%%/ignore.d.server/saslauthd
 %%ETCDIR%%/ignore.d.server/schroot
 %%ETCDIR%%/ignore.d.server/scponly
 %%ETCDIR%%/ignore.d.server/slapd
 %%ETCDIR%%/ignore.d.server/smartd
 %%ETCDIR%%/ignore.d.server/smbd_audit
 %%ETCDIR%%/ignore.d.server/smokeping
 %%ETCDIR%%/ignore.d.server/snmpd
 %%ETCDIR%%/ignore.d.server/snort
 %%ETCDIR%%/ignore.d.server/spamc
 %%ETCDIR%%/ignore.d.server/spamd
 %%ETCDIR%%/ignore.d.server/squid
 %%ETCDIR%%/ignore.d.server/ssh
 %%ETCDIR%%/ignore.d.server/stunnel
 %%ETCDIR%%/ignore.d.server/su
 %%ETCDIR%%/ignore.d.server/sudo
 %%ETCDIR%%/ignore.d.server/sympa
 %%ETCDIR%%/ignore.d.server/syslogd
 %%ETCDIR%%/ignore.d.server/systemd
+%%ETCDIR%%/ignore.d.server/systemd-logind
 %%ETCDIR%%/ignore.d.server/systemd-timesyncd
 %%ETCDIR%%/ignore.d.server/teapop
 %%ETCDIR%%/ignore.d.server/telnetd
 %%ETCDIR%%/ignore.d.server/tftpd
 %%ETCDIR%%/ignore.d.server/thy
 %%ETCDIR%%/ignore.d.server/ucd-snmp
 %%ETCDIR%%/ignore.d.server/upsd
 %%ETCDIR%%/ignore.d.server/uptimed
 %%ETCDIR%%/ignore.d.server/userv
 %%ETCDIR%%/ignore.d.server/vsftpd
 %%ETCDIR%%/ignore.d.server/watchdog
 %%ETCDIR%%/ignore.d.server/wu-ftpd
 %%ETCDIR%%/ignore.d.server/xinetd
 %%ETCDIR%%/ignore.d.workstation/automount
 %%ETCDIR%%/ignore.d.workstation/bind
 %%ETCDIR%%/ignore.d.workstation/bluetooth-alsa
 %%ETCDIR%%/ignore.d.workstation/bluez-utils
 %%ETCDIR%%/ignore.d.workstation/bonobo
 %%ETCDIR%%/ignore.d.workstation/dhcpcd
 %%ETCDIR%%/ignore.d.workstation/francine
 %%ETCDIR%%/ignore.d.workstation/gconf
 %%ETCDIR%%/ignore.d.workstation/gdm
 %%ETCDIR%%/ignore.d.workstation/hald
 %%ETCDIR%%/ignore.d.workstation/hcid
 %%ETCDIR%%/ignore.d.workstation/ifplugd
 %%ETCDIR%%/ignore.d.workstation/ippl
 %%ETCDIR%%/ignore.d.workstation/kdm
 %%ETCDIR%%/ignore.d.workstation/kernel
 %%ETCDIR%%/ignore.d.workstation/laptop-mode-tools
 %%ETCDIR%%/ignore.d.workstation/libmtp-runtime
 %%ETCDIR%%/ignore.d.workstation/libpam-gnome-keyring
 %%ETCDIR%%/ignore.d.workstation/logcheck
 %%ETCDIR%%/ignore.d.workstation/login
 %%ETCDIR%%/ignore.d.workstation/net-acct
 %%ETCDIR%%/ignore.d.workstation/nntpcache
 %%ETCDIR%%/ignore.d.workstation/polypaudio
 %%ETCDIR%%/ignore.d.workstation/postfix
 %%ETCDIR%%/ignore.d.workstation/ppp
 %%ETCDIR%%/ignore.d.workstation/proftpd
 %%ETCDIR%%/ignore.d.workstation/pump
 %%ETCDIR%%/ignore.d.workstation/sendfile
 %%ETCDIR%%/ignore.d.workstation/slim
 %%ETCDIR%%/ignore.d.workstation/squid
 %%ETCDIR%%/ignore.d.workstation/udev
 %%ETCDIR%%/ignore.d.workstation/wdm
 %%ETCDIR%%/ignore.d.workstation/winbind
 %%ETCDIR%%/ignore.d.workstation/wpasupplicant
 %%ETCDIR%%/ignore.d.workstation/xdm
 %%ETCDIR%%/ignore.d.workstation/xlockmore
 %%ETCDIR%%/violations.d/kernel
 %%ETCDIR%%/violations.d/logcheck
 %%ETCDIR%%/violations.d/smartd
 %%ETCDIR%%/violations.d/su
 %%ETCDIR%%/violations.d/sudo
 %%ETCDIR%%/violations.ignore.d/logcheck-su
 %%ETCDIR%%/violations.ignore.d/logcheck-sudo
 @sample %%ETCDIR%%/logcheck.conf.sample
 @sample %%ETCDIR%%/logcheck.logfiles.sample
 @mode
 bin/logcheck-test
 man/man1/logcheck-test.1.gz
 man/man8/logcheck.8.gz
 man/man8/logtail.8.gz
 man/man8/logtail2.8.gz
 sbin/logcheck
 sbin/logtail
 sbin/logtail2
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/crontab.in
 @dir(%%LOGCHECK_USER%%,%%LOGCHECK_GROUP%%,) %%DBDIR%%
 @dir(%%LOGCHECK_USER%%,%%LOGCHECK_GROUP%%,) %%RUNDIR%%