[Logcheck-commits] r1134 - in logcheck/trunk: debian
rulefiles/linux/ignore.d.server
madduck at users.alioth.debian.org
madduck at users.alioth.debian.org
Sat Jul 8 11:44:12 UTC 2006
Author: madduck
Date: 2006-07-08 11:44:12 +0000 (Sat, 08 Jul 2006)
New Revision: 1134
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/ignore.d.server/dovecot
Log:
* ignore.d.server/dovecot: fixing filter for dovecot 1.0 logins by removing
the space at the end of the line. Gargh!
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2006-07-08 11:20:48 UTC (rev 1133)
+++ logcheck/trunk/debian/changelog 2006-07-08 11:44:12 UTC (rev 1134)
@@ -8,8 +8,10 @@
* ignore.d.server/pdns: ignoring warnings about overly large packets, or
packates otherwise of the wrong size.
* ignore.d.server/cron-apt: fixing rules wrt sarge and cleaning up.
+ * ignore.d.server/dovecot: fixing filter for dovecot 1.0 logins by removing
+ the space at the end of the line. Gargh!
- -- martin f. krafft <madduck at debian.org> Sat, 8 Jul 2006 13:01:23 +0200
+ -- martin f. krafft <madduck at debian.org> Sat, 8 Jul 2006 13:43:43 +0200
logcheck (1.2.45) unstable; urgency=low
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/dovecot
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/dovecot 2006-07-08 11:20:48 UTC (rev 1133)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/dovecot 2006-07-08 11:44:12 UTC (rev 1134)
@@ -1,9 +1,10 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[(::ffff:)?[:0-9a-f.]+\]$
+# pre 1.0
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[(::ffff:)?[:0-9a-f.]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \[(::ffff:)?[:0-9a-f.]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)\([^[:space:]]+\): File isn't in mbox format: [^[:space:]]+$
-# dovecot 1.0
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Aborted login \[(::ffff:)?[:0-9a-f.]+]$
+# 1.0 and beyond
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login \[(::ffff:)?[:0-9a-f.]+]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Too many invalid commands: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
More information about the Logcheck-commits
mailing list