[Logcheck-commits] martin f. krafft: ignore aborted logins with 0 authentication attempts
Gerfried Fuchs
alfie at alioth.debian.org
Wed Jul 16 11:03:45 UTC 2008
Module: logcheck
Branch: etch-backports
Commit: 8960f68d741c07b74c486086c4d5da0ed4c4956d
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=8960f68d741c07b74c486086c4d5da0ed4c4956d
Author: martin f. krafft <madduck at debian.org>
Date: Tue Jun 24 18:49:23 2008 +0100
ignore aborted logins with 0 authentication attempts
---
debian/changelog | 5 ++++-
rulefiles/linux/ignore.d.server/dovecot | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ebec5b3..5a1f1e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,11 @@ logcheck (1.2.65) unstable; urgency=low
- fixed filters for certificate messages that changed in postfix 2.5.
* ignore.d.server/maradns:
- ignore messages related to resolvconf integration.
+ * ignore.d.server/dovecot:
+ - ignore aborted logins with 0 authentication attempts, e.g. due to
+ nagios; thanks to René Hertell (closes: #487208).
- -- martin f. krafft <madduck at debian.org> Tue, 24 Jun 2008 18:46:14 +0100
+ -- martin f. krafft <madduck at debian.org> Tue, 24 Jun 2008 18:48:28 +0100
logcheck (1.2.64) unstable; urgency=low
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index 0e4cac2..969c28f 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -6,7 +6,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: (user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: ((Too many invalid commands|Inactivity): )?(user=<[-_.@[:alnum:]]+>, )?(method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: POP3\([-_.@[:alnum:]]+\): Disconnected(: Logged out| for inactivity|: Disconnected)? top=[[:digit:]]+/[[:digit:]]+, retr=[[:digit:]]+/[[:digit:]]+, del=[[:digit:]]+/[[:digit:]]+, size=[[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([-_.@[:alnum:]]+\): Disconnected(: Logged out| for inactivity|: Disconnected| in [[:upper:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-build-param: SSL parameters regeneration completed$
More information about the Logcheck-commits
mailing list