[Logcheck-commits] Hanspeter Kunz: ignore.d.server/dovecot: ignore ldap authentiation failure messages

Hanspeter Kunz hp-guest at alioth.debian.org
Sat Aug 1 12:35:51 UTC 2009 

Module: logcheck
Branch: master
Commit: 3d235f6ceb907e582129729f1aedd0a4a277bbc3
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=3d235f6ceb907e582129729f1aedd0a4a277bbc3

Author: Hanspeter Kunz <hkunz at ifi.uzh.ch>
Date:   Sat Aug  1 14:35:41 2009 +0200

ignore.d.server/dovecot: ignore ldap authentiation failure messages

---

 debian/changelog                        |    3 ++-
 rulefiles/linux/ignore.d.server/dovecot |    1 +
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 7bccb8e..a4b9856 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ logcheck (1.3.3) experimental; urgency=low
     - merged the two rules on aborted logins (thereby matching more cases)
     - ignore more authentication failure messages 
     - ignore even more authentication failure messages
+    - ignore ldap authentiation failure messages
   * ignore.d.server/vacation (NEW)
     - ignore complaints on mails with no initial from line
   * ignore.d.server/postfix
@@ -14,7 +15,7 @@ logcheck (1.3.3) experimental; urgency=low
   * ignore.d.server/ssh
     - ignore pam_unix(sshd:auth) user unknown messages
 
- -- Hanspeter Kunz <hkunz at ifi.uzh.ch>  Sat, 01 Aug 2009 14:24:09 +0200
+ -- Hanspeter Kunz <hkunz at ifi.uzh.ch>  Sat, 01 Aug 2009 14:33:56 +0200
 
 logcheck (1.3.2) experimental; urgency=low
 
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index c68b9b4..e66c19b 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -4,6 +4,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?(  user=[-_.@[:alnum:]]+)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_ldap: error trying to bind as user \".*\" \(Invalid credentials\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: ((Too many invalid commands|Inactivity): )?(user=<[-_.@[:alnum:]]+>, )?(method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$

More information about the Logcheck-commits mailing list