[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server
CVS User madduck
logcheck-devel at lists.alioth.debian.org
Tue Jul 4 20:57:47 UTC 2006
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv1149/rulefiles/linux/ignore.d.server
Modified Files:
dovecot kernel
Log Message:
adding dovecot 1.0 rules to ignore all kinds of day-to-day messages that are
uninteresting.
Also removed kernel Ipv6 router solicitation which was already present...
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/dovecot 2006/05/24 21:44:59 1.10
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/dovecot 2006/07/04 20:57:46 1.11
@@ -2,5 +2,13 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \[(::ffff:)?[:0-9a-f.]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)\([^[:space:]]+\): File isn't in mbox format: [^[:space:]]+$
# dovecot 1.0
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: user=<[.[:alnum:]@-]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|cram|DIGEST|digest)-(MD5|md5)), rip=(::ffff:)?[:.[:digit:]]+, lip=(::ffff:)?[:0-9a-f.]+(, TLS)?$
-^\w{3} [ :0-9]{11} thetis imap-login: Aborted login \[(::ffff:)?[:0-9a-f.]+]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|cram|DIGEST|digest)-(MD5|md5)), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Aborted login \[(::ffff:)?[:0-9a-f.]+]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Too many invalid commands: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: POP3\([-_.@[:alnum:]]+\): Disconnected: Logged out top=[[:digit:]]+/[[:digit:]]+, retr=[[:digit:]]+/[[:digit:]]+, del=[[:digit:]]+/[[:digit:]]+, size=[[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([-_.@[:alnum:]]+\): Disconnected(: Logged out| for inactivity)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-build-param: SSLparameters regeneration completed$
+
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/kernel 2006/07/04 18:25:47 1.5
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/kernel 2006/07/04 20:57:46 1.6
@@ -1,7 +1,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: lp[0-9]+ out of paper$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: lp[0-9]+: ECP mode$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: [[:alnum:]]+: no IPv6 routers present$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT= MAC=[[:alnum:]:]+ SRC=[.0-9]{7,15} DST=[.0-9]{7,15} LEN=[0-9]+ TOS=0x[0-9]+ PREC=0x[0-9]+ TTL=[0-9]+ ID=[0-9]+ (DF )?PROTO=UDP SPT=[0-9]+ DPT=[0-9]+ LEN=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT= MAC=[[:alnum:]:]+ SRC=[[:alnum:]:]+ DST=[[:alnum:]:]+ LEN=[0-9]+ TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=5353 LEN=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT= MAC=[[:alnum:]:]+ SRC=[[:alnum:]:]+ DST=[[:alnum:]:]+ LEN=[0-9]+ TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=49342 DPT=5353 LEN=[0-9]+$
-
More information about the Logcheck-commits
mailing list