[Logcheck-commits] martin f. krafft: ignore couriertcpd messages; thanks to Andrew Gallagher (closes: #451118).
Martin F. Krafft
madduck at alioth.debian.org
Tue Jun 24 21:59:14 UTC 2008
Module: logcheck
Branch: master
Commit: ba7b3227436b0e1c8af91539817d2dd83baefd9d
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=ba7b3227436b0e1c8af91539817d2dd83baefd9d
Author: martin f. krafft <madduck at debian.org>
Date: Tue Jun 24 20:20:48 2008 +0100
ignore couriertcpd messages; thanks to Andrew Gallagher (closes: #451118).
---
debian/changelog | 2 ++
rulefiles/linux/ignore.d.server/courier | 17 +++++++++++------
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 457c0fe..2e348b5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,8 @@ logcheck (1.2.65) unstable; urgency=low
* ignore.d.server/courier:
- update rules to include port information; thanks to Antoine Pardignon
(closes: #446310).
+ - ignore couriertcpd messages; thanks to Andrew Gallagher
+ (closes: #451118).
* ignore.d.server/smbd_audit:
- ignore smbd audit log entries (closes: #452879).
* ignore.d.server/acpid:
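Review bot: the new bullet under ignore.d.server/courier records only "ignore couriertcpd messages", but the same commit also rewrites existing courier rules from [0-9] to [[:digit:]] and replaces the old couriertcpd "Connection" rule. Since every line in this file decides which log entries are suppressed from logcheck reports, the changelog should mention both, for example a second bullet noting the character-class normalisation and the corrected Connection rule, so that someone auditing what is being ignored can trace it from the changelog.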
diff --git a/rulefiles/linux/ignore.d.server/courier b/rulefiles/linux/ignore.d.server/courier
index 8593420..784ec49 100644
--- a/rulefiles/linux/ignore.d.server/courier
+++ b/rulefiles/linux/ignore.d.server/courier
@@ -2,14 +2,19 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?(, protocol=IMAP)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: starting client module$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: ACCEPT, username [@._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[0-9]+)?(, starttls=[01])?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[0-9]+, retr=[0-9]+(, time=[0-9]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[[:digit:]]+)?(, starttls=[01])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[[:digit:]]+, retr=[[:digit:]]+(, time=[[:digit:]]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Unexpected SSL connection shutdown\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): couriertls: read: Connection (reset by peer|timed out)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ authdaemond.plain: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [0-9]+ attempt\(s\))$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=[:.[:xdigit:]](, port=\[[[:digit:]]+\])?+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ authdaemond.plain: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [[:digit:]]+ attempt\(s\))$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, command=(CAPABILITY|AUTHENTICATE|LOGIN)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, username=[._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN, user=[._[:alnum:]-]+, ip=\[[.:[:alnum:]]+\], port=\[[[:digit:]]+\], protocol=(POP|IMAP)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Disconnected, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, time=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+, rcvd=[[:digit:]]+, sent=[[:digit:]]+, time=[[:digit:]]+$
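Review bot: the two added couriertcpd rules "LOGIN: ip=..., username=[._[:alnum:]-]+" and "LOGIN, user=[._[:alnum:]-]+, ip=..." use a user class without "@", while every other rule in this hunk uses [-_.@[:alnum:]]+ (or [@._[:alnum:]-]+ for authdaemon). Logins of the form user@domain will therefore not match these two rules even though the rest of the file accepts them; reuse the same class here. The last added rule (couriertcpd: (LOGOUT|TIMEOUT|DISCONNECTED), user=..., headers=, body=, rcvd=, sent=, time=) matches nothing that the rewritten ((imap|pop3)(login|d-ssl)|couriertcpd) rule with its optional rcvd/sent/time/starttls groups does not already match, so it can be dropped. Likewise the new "LOGIN, user=" rule could be folded into the first context rule by changing (, protocol=IMAP)? to (, protocol=(POP|IMAP))?, which keeps the set of suppressed lines easier to review.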