[Logcheck-commits] Hanspeter Kunz: ignore.d.server/dovecot: ignore ldap authentiation failure messages
Hanspeter Kunz
hp-guest at alioth.debian.org
Sat Aug 1 12:35:51 UTC 2009
Module: logcheck
Branch: master
Commit: 3d235f6ceb907e582129729f1aedd0a4a277bbc3
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=3d235f6ceb907e582129729f1aedd0a4a277bbc3
Author: Hanspeter Kunz <hkunz at ifi.uzh.ch>
Date: Sat Aug 1 14:35:41 2009 +0200
ignore.d.server/dovecot: ignore ldap authentiation failure messages
---
debian/changelog | 3 ++-
rulefiles/linux/ignore.d.server/dovecot | 1 +
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 7bccb8e..a4b9856 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ logcheck (1.3.3) experimental; urgency=low
- merged the two rules on aborted logins (thereby matching more cases)
- ignore more authentication failure messages
- ignore even more authentication failure messages
+ - ignore ldap authentiation failure messages
* ignore.d.server/vacation (NEW)
- ignore complaints on mails with no initial from line
* ignore.d.server/postfix
@@ -14,7 +15,7 @@ logcheck (1.3.3) experimental; urgency=low
* ignore.d.server/ssh
- ignore pam_unix(sshd:auth) user unknown messages
- -- Hanspeter Kunz <hkunz at ifi.uzh.ch> Sat, 01 Aug 2009 14:24:09 +0200
+ -- Hanspeter Kunz <hkunz at ifi.uzh.ch> Sat, 01 Aug 2009 14:33:56 +0200
logcheck (1.3.2) experimental; urgency=low
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index c68b9b4..e66c19b 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -4,6 +4,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?( user=[-_.@[:alnum:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_ldap: error trying to bind as user \".*\" \(Invalid credentials\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: ((Too many invalid commands|Inactivity): )?(user=<[-_.@[:alnum:]]+>, )?(method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
More information about the Logcheck-commits
mailing list