[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server

CVS User madduck logcheck-devel at lists.alioth.debian.org
Wed Jul 5 20:45:53 UTC 2006 

Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv27660/rulefiles/linux/ignore.d.server

Modified Files:
	proftpd 
Log Message:
* ignore.d.server/proftpd: ignoring logins with unknown users.


--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/proftpd	2006/07/04 22:13:52	1.9
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/proftpd	2006/07/05 20:45:53	1.10
@@ -1,7 +1,9 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([.:_[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )FTP session (opened|closed)\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([.:_[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )(USER|ANON) [._[:alnum:]-]+: Login successful\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([.:_[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) - ANON (anonymous|ftp): Login successful.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) - mod_delay/[0-9.]+: delaying for [0-9]+ usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) - FTP no transfer timeout, disconnected$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP session (opened|closed)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON (anonymous|ftp)): Login successful\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - ANON (anonymous|ftp): Login successful.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9.]+: delaying for [0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP no transfer timeout, disconnected$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-_.[:alnum:]]+: no such user found from \([._[:alnum:]-]+ \[[.:[:xdigit:]]+\]\) to [.:[:xdigit:]]+:[[:digit:]]{2,5}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - no such user '[-_.[:alnum:]]+'$

More information about the Logcheck-commits mailing list