[Logcheck-commits] Hanspeter Kunz: i.d.s/dovecot: ignore more failed and aborted logins

Gerfried Fuchs alfie at alioth.debian.org
Wed May 12 00:08:36 UTC 2010 

Module: logcheck
Branch: lenny-backports
Commit: 9714a72ffe3df9df62cc360d9bd7340be16b53b2
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=9714a72ffe3df9df62cc360d9bd7340be16b53b2

Author: Hanspeter Kunz <hp at edelkunz.ch>
Date:   Fri Mar 26 23:50:49 2010 +0100

i.d.s/dovecot: ignore more failed and aborted logins

---

 debian/changelog                        |    6 +++++-
 rulefiles/linux/ignore.d.server/dovecot |    1 +
 2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 4f7576b..2bb841d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,7 +19,11 @@ logcheck (1.3.8) UNRELEASED; urgency=low
   * docs/logcheck-test.1, docs/logtail.8, docs/logtail2.8:
     - escaped dashes that really mean dashes
 
- -- Hannes von Haugwitz <hannes at vonhaugwitz.com>  Fri, 19 Feb 2010 15:11:51 +0100
+  [ Hanspeter Kunz ]
+  * ignore.d.server/dovecot:
+    - ignore more failed and aborted logins
+
+ -- Hanspeter Kunz <hkunz at ifi.uzh.ch>  Fri, 26 Mar 2010 23:46:09 +0100
 
 logcheck (1.3.7) unstable; urgency=low
 
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index d9e090f..e855a53 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -8,6 +8,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_ldap: error trying to bind as user \".*\" \(Invalid credentials\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts\):|\(auth failed, [[:digit:]]+ attempts\): user=<[-_.@[:alnum:]]+>, method=PLAIN,) rip=[.[:digit:]]+, lip=[.[:digit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?|: SSL_read\(\) syscall failed: Connection reset by peer)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: ((Too many invalid commands|Inactivity): )?(user=<[-_.@[:alnum:]]+>, )?(method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$

More information about the Logcheck-commits mailing list