[Logcheck-commits] r1212 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Wed Sep 13 16:12:56 UTC 2006 

Author: madduck
Date: 2006-09-13 16:12:56 +0000 (Wed, 13 Sep 2006)
New Revision: 1212

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/ignore.d.server/proftpd
Log:
* ignore.d.server/proftpd: fixed rule to ignore unknown user logins.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-08-13 10:47:20 UTC (rev 1211)
+++ logcheck/trunk/debian/changelog	2006-09-13 16:12:56 UTC (rev 1212)
@@ -30,6 +30,7 @@
   * ignore.d.server/cron-apt: fixed several rules for corner cases.
   * ignore.d.server/postfix: added rule for server greeting timeout.
   * ignore.d.server/postfix: also add msgid status messages by cleanup daemon.
+  * ignore.d.server/proftpd: fixed rule to ignore unknown user logins.
   * ignore.d.server/spamd: fixed rule for config location message.
   * ignore.d.server/kernel: partially undo link status message filter, now
     only filters up messages, not the down ones. By nature of the link status,

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/proftpd
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/proftpd	2006-08-13 10:47:20 UTC (rev 1211)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/proftpd	2006-09-13 16:12:56 UTC (rev 1212)
@@ -5,5 +5,5 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - ANON (anonymous|ftp): Login successful.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9.]+: delaying for [0-9]+ usecs$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP no transfer timeout, disconnected$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-_.[:alnum:]]+: no such user found from \([._[:alnum:]-]+ \[[.:[:xdigit:]]+\]\) to [.:[:xdigit:]]+:[[:digit:]]{2,5}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] to [.:[:xdigit:]]+:[[:digit:]]{2,5}$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - no such user '[-_.[:alnum:]]+'$

More information about the Logcheck-commits mailing list