diff -up logwatch-7.3.6/scripts/services/sudo.pom logwatch-7.3.6/scripts/services/sudo
--- logwatch-7.3.6/scripts/services/sudo.pom	2006-04-13 01:17:09.000000000 +0200
+++ logwatch-7.3.6/scripts/services/sudo	2007-10-12 12:20:43.000000000 +0200
@@ -31,7 +31,11 @@ my $CmdsThresh = $ENV{'command_run_thres
 my ($user, $error, $tty, $dir, $euser, $cmd, $args);
 
 while (defined(my $ThisLine = <STDIN>)) {
-   if ( ($user, $error, $tty, $dir, $euser, $cmd, $args) = $ThisLine =~ m/^\s*(\w+) : (.*; )?TTY=(\S+) ; PWD=(.*?) ; USER=(\S+) ; COMMAND=(\S+)( ?.*)/) {
+   if ($ThisLine =~ /pam_unix\(sudo:auth\): authentication failure; logname=\S* uid=[0-9]* euid=[0-9]* tty=\S* ruser=\S* rhost=\S*  user=\S*/)
+	# this log is parsed in pam_unix section
+   {    
+     # Ignore
+   }elsif ( ($user, $error, $tty, $dir, $euser, $cmd, $args) = $ThisLine =~ m/^\s*(\w+) : (.*; )?TTY=(\S+) ; PWD=(.*?) ; USER=(\S+) ; COMMAND=(\S+)( ?.*)/) {
       push @{$byUser{$user}{$euser}}, [$error . $cmd,$args, $dir, $tty];
       $byUserSum{$user}{$euser}{$cmd} += 1;
    } elsif ( ($user,$euser) = $ThisLine =~ /^\s*(\w+) : no passwd entry for (\w+)\!$/) {
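Review bot: The ignore pattern on the added `if` is unanchored and is tested before the `COMMAND=` branch, so any line that merely contains this text is left out of the sudo report, including a sudo command record whose argument string happens to contain it. The other branches in this chain anchor with `^\s*`; prepending the same anchor here, so the pattern starts `/^\s*pam_unix\(sudo:auth\): authentication failure; `, would limit the skip to genuine pam_unix records, assuming the line reaches this script with its syslog prefix already stripped, as the existing patterns suggest. The comment states that these lines are handled in the pam_unix section; if that service is not enabled in a given configuration, the failures would presumably be reported nowhere, so the comment should name that dependency, e.g. `# reported by the pam_unix service; keep it enabled or sudo auth failures are not reported`. The enclosing `while` loop continues outside the hunk.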