[Logcheck-commits] Hanspeter Kunz: ignore.d.server/dovecot: merged the two rules on aborted logins (thereby matching more cases)

Hanspeter Kunz hp-guest at alioth.debian.org
Tue Jul 28 12:01:55 UTC 2009


Module: logcheck
Branch: master
Commit: 25767ee26b65598dad486f8f5c3502a73b256685
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=25767ee26b65598dad486f8f5c3502a73b256685

Author: Hanspeter Kunz <hkunz at ifi.uzh.ch>
Date:   Tue Jul 28 14:01:28 2009 +0200

ignore.d.server/dovecot: merged the two rules on aborted logins (thereby matching more cases)

---

 debian/changelog                        |    4 +++-
 rulefiles/linux/ignore.d.server/dovecot |    3 +--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 9cec337..6a48356 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,8 +3,10 @@ logcheck (1.3.3) experimental; urgency=low
   [ Hanspeter Kunz ]
   * ignore.d.server/spamd:
     - enhanced rule to ignore "Tell: Setting local Removing remote" messages
+  * ignore.d.server/dovecot
+    - merged the two rules on aborted logins (thereby matching more cases)
 
- -- Hanspeter Kunz <hkunz at ifi.uzh.ch>  Tue, 28 Jul 2009 13:28:23 +0200
+ -- Hanspeter Kunz <hkunz at franz.ifi.uzh.ch>  Tue, 28 Jul 2009 13:58:43 +0200
 
 logcheck (1.3.2) experimental; urgency=low
 
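Review bot: The changelog trailer on the `+ --` line changes the maintainer address from `hkunz at ifi.uzh.ch` to `hkunz at franz.ifi.uzh.ch`, which no longer matches the commit's Author header and looks like a local host name picked up when the entry was regenerated. If that is unintended, restore the original address so the trailer does not publish an internal host name. The new `* ignore.d.server/dovecot` bullet also lacks the trailing colon used by the `* ignore.d.server/spamd:` entry above it.
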
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index a9f0b8e..0c310e7 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -5,8 +5,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: (user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: ((Too many invalid commands|Inactivity): )?(user=<[-_.@[:alnum:]]+>, )?(method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
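
Review bot: The merged rule on the `+` line suppresses more than the union of the two removed rules, and neither the commit message nor the changelog entry says which cases are new. It now ignores lines that carry both `( \([[:digit:]]+ authentication attempts\))` and a `user=<...>, method=...` pair, which neither old rule matched. It also ignores count-only lines that have no `, TLS` or `, secured` suffix, because the first removed rule had that trailing group without the `?`. Since `[[:digit:]]+` accepts any count, an aborted login after many authentication attempts against a named user is now filtered out of the server-level report. Please confirm that is intended, consider bounding the number of digits so that high attempt counts still surface, and list the newly matched forms in the changelog.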



