[Logcheck-commits] martin f. krafft: ignore couriertcpd messages; thanks to Andrew Gallagher (closes: #451118).

Martin F. Krafft madduck at alioth.debian.org
Tue Jun 24 21:59:14 UTC 2008


Module: logcheck
Branch: master
Commit: ba7b3227436b0e1c8af91539817d2dd83baefd9d
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=ba7b3227436b0e1c8af91539817d2dd83baefd9d

Author: martin f. krafft <madduck at debian.org>
Date:   Tue Jun 24 20:20:48 2008 +0100

ignore couriertcpd messages; thanks to Andrew Gallagher (closes: #451118).

---

 debian/changelog                        |    2 ++
 rulefiles/linux/ignore.d.server/courier |   17 +++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 457c0fe..2e348b5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,8 @@ logcheck (1.2.65) unstable; urgency=low
   * ignore.d.server/courier:
     - update rules to include port information; thanks to Antoine Pardignon
       (closes: #446310).
+    - ignore couriertcpd messages; thanks to Andrew Gallagher
+      (closes: #451118).
   * ignore.d.server/smbd_audit:
     - ignore smbd audit log entries (closes: #452879).
   * ignore.d.server/acpid:
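
Review bot: the new changelog entry under ignore.d.server/courier mentions only the added couriertcpd rules, but the same commit also rewrites existing rules in that file ([0-9] becomes [[:digit:]] throughout, and the malformed "couriertcpd: Connection" rule is replaced). A short extra line such as "- use [[:digit:]] consistently and fix the Connection rule" would make the entry match the diffstat (13 insertions, 6 deletions).
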
diff --git a/rulefiles/linux/ignore.d.server/courier b/rulefiles/linux/ignore.d.server/courier
index 8593420..784ec49 100644
--- a/rulefiles/linux/ignore.d.server/courier
+++ b/rulefiles/linux/ignore.d.server/courier
@@ -2,14 +2,19 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?(, protocol=IMAP)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: starting client module$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: ACCEPT, username [@._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[0-9]+)?(, starttls=[01])?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[0-9]+, retr=[0-9]+(, time=[0-9]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[[:digit:]]+)?(, starttls=[01])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[[:digit:]]+, retr=[[:digit:]]+(, time=[[:digit:]]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Unexpected SSL connection shutdown\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): couriertls: read: Connection (reset by peer|timed out)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ authdaemond.plain: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [0-9]+ attempt\(s\))$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=[:.[:xdigit:]](, port=\[[[:digit:]]+\])?+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ authdaemond.plain: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [[:digit:]]+ attempt\(s\))$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, command=(CAPABILITY|AUTHENTICATE|LOGIN)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, username=[._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN, user=[._[:alnum:]-]+, ip=\[[.:[:alnum:]]+\], port=\[[[:digit:]]+\], protocol=(POP|IMAP)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Disconnected, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, time=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[[:digit:]]+, body=[[:digit:]]+, rcvd=[[:digit:]]+, sent=[[:digit:]]+, time=[[:digit:]]+$
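
Review bot: the last added rule, "couriertcpd: (LOGOUT|TIMEOUT|DISCONNECTED), user=..., headers=, body=, rcvd=, sent=, time=", is a strict subset of the generic ((imap|pop3)(login|d-ssl)|couriertcpd) rule added earlier in this hunk, which already lists couriertcpd and makes rcvd/sent, time and starttls optional, so it can be dropped. In the same way, the new "couriertcpd: LOGIN, user=" rule adds only protocol=POP over the first context rule of the hunk; widening that rule to "(, protocol=(POP|IMAP))?" would cover it with one pattern. The two new rules that match a user name ("username=" and "LOGIN, user=") use [._[:alnum:]-]+, without the @ that the other user= rules and the authdaemon ACCEPT rule allow, so logins of the form user@domain will not be filtered; [-_.@[:alnum:]]+ would be consistent with the rest of the file. The "." in "authdaemond.plain" on the touched nss_ldap line is still unescaped and matches any character; "authdaemond\.plain" keeps the ignore rule as narrow as intended.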



