[Logcheck-commits] Hanspeter Kunz: ignore.d.server/dovecot: ignore more authentication failure messages

Hanspeter Kunz hp-guest at alioth.debian.org
Tue Jul 28 12:09:25 UTC 2009


Module: logcheck
Branch: master
Commit: 2f22b392c1c4c1eccac46567927c2a7dd7be69b5
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=2f22b392c1c4c1eccac46567927c2a7dd7be69b5

Author: Hanspeter Kunz <hkunz at ifi.uzh.ch>
Date:   Tue Jul 28 14:09:18 2009 +0200

ignore.d.server/dovecot: ignore more authentication failure messages

---

 debian/changelog                        |    3 ++-
 rulefiles/linux/ignore.d.server/dovecot |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 6a48356..ffb68cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,8 +5,9 @@ logcheck (1.3.3) experimental; urgency=low
     - enhanced rule to ignore "Tell: Setting local Removing remote" messages
   * ignore.d.server/dovecot
     - merged the two rules on aborted logins (thereby matching more cases)
+    - ignore more authentication failure messages 
 
- -- Hanspeter Kunz <hkunz at franz.ifi.uzh.ch>  Tue, 28 Jul 2009 13:58:43 +0200
+ -- Hanspeter Kunz <hkunz at franz.ifi.uzh.ch>  Tue, 28 Jul 2009 14:06:00 +0200
 
 logcheck (1.3.2) experimental; urgency=low
 
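Review bot: The added changelog line "- ignore more authentication failure messages " ends with a trailing space and does not say which messages are newly ignored. Suggest dropping the trailing whitespace and naming the case the rule change covers, for example that the `\(pam_unix\)` authentication failure line may now end in a `user=` field.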
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index 0c310e7..7e0ebd6 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -1,6 +1,6 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \[[.:[:xdigit:]]+\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\): msgid=<?[^:\(]*>?( \((added by [^[:space:]]+|sfid-[_[:xdigit:]]+)\)?)?: (saved mail to [-_.[:alnum:]]+|forwarded to <[^[:space:]]+>)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?(  user=[-_.@[:alnum:]]+)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
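Review bot: The optional `(  user=[-_.@[:alnum:]]+)?` suffix is added only to the `\(pam_unix\)` rule, while the `pam_unix\(dovecot:[[:alnum:]]+\): authentication failure` rule two lines below still requires an empty `ruser= rhost=` followed by end of line, so the same failure logged in that format with a host or a user name is not matched by the rules shown in this hunk. If both formats are meant to behave alike, give that rule the same optional `ruser`, `rhost` and `user=` groups. The new group also starts with two literal spaces, which are easy to collapse in a later edit; the commit message should say the double space is intentional. Because this is an ignore rule, failed logins that name an account are filtered out of reports once the suffix matches, and the commit message should state that this is the intended outcome.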



