Summary
Expand the parser test/fixture matrix with more realistic but sanitized sshd and pam_unix variants so parser behavior is exercised against a broader set of common authentication log patterns.
Scope
- add more representative
sshd variants that stay public-safe and fully sanitized
- add more
pam_unix auth/session variants that are common in Linux auth logs
- preserve placeholder hosts, IPs, usernames, and commands
- keep parser coverage deterministic and easy to understand
Acceptance Criteria
- fixture coverage includes additional real-world-style
sshd and pam_unix variants
- new fixtures remain public-safe and do not include real infrastructure identifiers
- parser tests cover the new variants and clearly account for recognized vs unrecognized lines
- README or docs are updated if supported patterns materially change
Summary
Expand the parser test/fixture matrix with more realistic but sanitized
sshdandpam_unixvariants so parser behavior is exercised against a broader set of common authentication log patterns.Scope
sshdvariants that stay public-safe and fully sanitizedpam_unixauth/session variants that are common in Linux auth logsAcceptance Criteria
sshdandpam_unixvariants