[Logcheck-commits] Hanspeter Kunz: i.d.s/dovecot: ignore more failed and aborted logins
Hanspeter Kunz
hp-guest at alioth.debian.org
Fri Mar 26 23:12:46 UTC 2010
Module: logcheck
Branch: master
Commit: 9714a72ffe3df9df62cc360d9bd7340be16b53b2
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=9714a72ffe3df9df62cc360d9bd7340be16b53b2
Author: Hanspeter Kunz <hp at edelkunz.ch>
Date: Fri Mar 26 23:50:49 2010 +0100
i.d.s/dovecot: ignore more failed and aborted logins
---
debian/changelog | 6 +++++-
rulefiles/linux/ignore.d.server/dovecot | 1 +
2 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 4f7576b..2bb841d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,7 +19,11 @@ logcheck (1.3.8) UNRELEASED; urgency=low
* docs/logcheck-test.1, docs/logtail.8, docs/logtail2.8:
- escaped dashes that really mean dashes
- -- Hannes von Haugwitz <hannes at vonhaugwitz.com> Fri, 19 Feb 2010 15:11:51 +0100
+ [ Hanspeter Kunz ]
+ * ignore.d.server/dovecot:
+ - ignore more failed and aborted logins
+
+ -- Hanspeter Kunz <hkunz at ifi.uzh.ch> Fri, 26 Mar 2010 23:46:09 +0100
logcheck (1.3.7) unstable; urgency=low
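Review bot: The changelog line "- ignore more failed and aborted logins" understates what the ignore.d.server/dovecot change filters: the rule added in this commit also drops "Disconnected" lines and lines carrying "(auth failed, N attempts)" for a named user. An admin reading the changelog on upgrade should be able to tell that failed-authentication lines for dovecot will no longer appear in server-level reports, so I would spell that out, for example "ignore Disconnected/Aborted login lines with 'no auth attempts' or 'auth failed, N attempts'".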
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index d9e090f..e855a53 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -8,6 +8,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_ldap: error trying to bind as user \".*\" \(Invalid credentials\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts\):|\(auth failed, [[:digit:]]+ attempts\): user=<[-_.@[:alnum:]]+>, method=PLAIN,) rip=[.[:digit:]]+, lip=[.[:digit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?|: SSL_read\(\) syscall failed: Connection reset by peer)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: ((Too many invalid commands|Inactivity): )?(user=<[-_.@[:alnum:]]+>, )?(method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
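Review bot: The added rule's `\(auth failed, [[:digit:]]+ attempts\): user=<...>` branch accepts any attempt count, so a connection that tried hundreds of passwords against one mailbox is filtered from the report exactly like a single mistyped password. Consider bounding the count (a single `[[:digit:]]`, or a small explicit range) so that high-count lines still surface, or leaving the "auth failed" branch to a site-local rule and keeping only the "no auth attempts" branch here. Two consistency points in the same line: `rip=[.[:digit:]]+, lip=[.[:digit:]]+` matches IPv4 only while every neighbouring rule uses `[.:[:xdigit:]]+`, so the same event from an IPv6 client will still be reported; and `method=PLAIN` is hard-coded where the surrounding rules use `method=[[:alnum:]-]+`. The trailing `, (TLS|SSL)` is also mandatory, unlike the optional `(, (TLS( handshake)?|secured))?` in the adjacent rules; if that is deliberate, a comment in the rule file saying so would help.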