[Logcheck-commits] Hanspeter Kunz: i.d.s/dovecot: ignore aborted authentications
Gerfried Fuchs
alfie at alioth.debian.org
Wed May 12 00:10:16 UTC 2010
Module: logcheck
Branch: lenny-backports
Commit: 326acab5667faad1b2724dd0136182a7de911fba
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=326acab5667faad1b2724dd0136182a7de911fba
Author: Hanspeter Kunz <hp at edelkunz.ch>
Date: Sat Apr 3 17:45:20 2010 +0200
i.d.s/dovecot: ignore aborted authentications
---
debian/changelog | 3 ++-
rulefiles/linux/ignore.d.server/dovecot | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 24f7c97..b53c583 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -36,11 +36,12 @@ logcheck (1.3.8) UNRELEASED; urgency=low
- ignore more "Connection closed" messages
- ignore "Too many invalid IMAP commands"
- ignore more "Connection closed" messages (MANAGESIEVE)
+ - ignore aborted authentications
* ignore.d.server/postfix:
- ignore disconnects during EHLO (and not only HELO) handshakes
- merged 5 similar "lost connection" rules into one
- -- Hanspeter Kunz <hp at edelkunz.ch> Sat, 03 Apr 2010 13:31:52 +0200
+ -- Hanspeter Kunz <hkunz at irulan.localdomain> Sat, 03 Apr 2010 17:43:38 +0200
logcheck (1.3.7) unstable; urgency=low
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index a83e7db..2b201b5 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -8,7 +8,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_ldap: error trying to bind as user \".*\" \(Invalid credentials\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts\):|\(auth failed, [[:digit:]]+ attempts\): user=<[-_.@[:alnum:]]+>, method=PLAIN,) rip=[.[:digit:]]+, lip=[.[:digit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?|: SSL_read\(\) syscall failed: Connection reset by peer)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts\):|\(auth failed, [[:digit:]]+ attempts\): user=<[-_.@[:alnum:]]+>, method=PLAIN,|\(aborted authentication\): method=PLAIN,) rip=[.[:digit:]]+, lip=[.[:digit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?|: SSL_read\(\) syscall failed: Connection reset by peer)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: ((Too many invalid commands|Inactivity): )?(user=<[-_.@[:alnum:]]+>, )?(method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
More information about the Logcheck-commits
mailing list