[Logcheck-devel] Bug#258759: logcheck-database - rules update

Bastian Blank waldi at debian.org
Sun Jul 11 11:23:35 UTC 2004


Package: logcheck-database
Version: cvs
Severity: wishlist

Several rules updates:
* linux/ignore.d.paranoid/cron: Add _ to allowed characters in username.
* linux/ignore.d.paranoid/postfix
  - Merge rules for pipe and local.
  - Add rules for virtual.
* linux/ignore.d.server/courier
  - Merge linux/ignore.d.server/imap, linux/ignore.d.server/imapd-ssl,
    linux/ignore.d.server/pop3d-ssl, they are mostly identical.
  - Simplify rules.
  - Add @ to allowed characters in username.

Bastian

-- 
Men will always be men -- no matter where they are.
		-- Harry Mudd, "Mudd's Women", stardate 1329.8
-------------- next part --------------
? diff
? rulefiles/linux/ignore.d.server/test
Index: rulefiles/linux/ignore.d.paranoid/cron
===================================================================
RCS file: /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid/cron,v
retrieving revision 1.2
diff -u -r1.2 cron
--- rulefiles/linux/ignore.d.paranoid/cron	21 Apr 2004 23:35:10 -0000	1.2
+++ rulefiles/linux/ignore.d.paranoid/cron	11 Jul 2004 11:15:14 -0000
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([-_[:alnum:]]+\) CMD \(.*\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) STARTUP \(fork ok\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \([^[:space:]]+\) RELOAD \([^[:space:]]+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(pidfile fd = [0-9]+\)$
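Review bot: The widened user class on the CMD line, `\([-_[:alnum:]]+\)`, still rejects a dot, while the RELOAD rule two lines below accepts `\([^[:space:]]+\)` in the same position and the courier rules in this patch allow `[-_.@[:alnum:]]`. If dotted account names are valid on the target systems, their cron CMD lines will keep being reported; either add `.` here or say why this line stays stricter. Only the upper-case `/USR/SBIN/CRON` rule is touched, which matches the existing file, but the other three rules use the lower-case tag, so confirm which form current cron emits for CMD lines.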
Index: rulefiles/linux/ignore.d.paranoid/postfix
===================================================================
RCS file: /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid/postfix,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 postfix
--- rulefiles/linux/ignore.d.paranoid/postfix	19 Apr 2004 18:22:05 -0000	1.1.1.1
+++ rulefiles/linux/ignore.d.paranoid/postfix	11 Jul 2004 11:15:14 -0000
@@ -7,10 +7,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: disconnect from [^[:space:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: connect from [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, orig_to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/pipe\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/pipe\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, orig_to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|pipe|virtual)\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, |)relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: alias database\.\*rebuilt$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: aliases\.\*longest$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: from=[^[:space:]]+$
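Review bot: In the merged rule, `(orig_to=[^[:space:]]+, |)` relies on an empty alternative, which POSIX leaves undefined for extended regular expressions; `(orig_to=[^[:space:]]+, )?` expresses the same optional field portably. Separately, `status=[[:alnum:]]+ \(.*\)$` was already status-agnostic for local and pipe, and adding `virtual` to the alternation extends that to a third delivery agent at the paranoid level, so results other than `sent` (bounced, deferred) from virtual delivery are filtered as well. State in the changelog whether that is intended.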
Index: rulefiles/linux/ignore.d.server/courier
===================================================================
RCS file: rulefiles/linux/ignore.d.server/courier
diff -N rulefiles/linux/ignore.d.server/courier
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ rulefiles/linux/ignore.d.server/courier	11 Jul 2004 11:15:14 -0000
@@ -0,0 +1,7 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): Connection, ip=\[[.:[:alnum:]]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): DISCONNECTED, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): DISCONNECTED, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3(login|d-ssl): (LOGOUT|TIMEOUT), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+$
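Review bot: The tag patterns `(imap|pop3)(login|d-ssl)` on the Connection and LOGIN rules and `pop3(login|d-ssl)` on the last rule also match `pop3login`, which none of the three removed files (imap, imapd-ssl, pop3d-ssl) covered. That is a new ignore rather than a merge, so it belongs in the change description next to the `@` addition. The user class `[-_.@[:alnum:]]+` is now repeated in four rules; keep the copies identical whenever it is extended.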
Index: rulefiles/linux/ignore.d.server/imap
===================================================================
RCS file: rulefiles/linux/ignore.d.server/imap
diff -N rulefiles/linux/ignore.d.server/imap
--- rulefiles/linux/ignore.d.server/imap	19 Apr 2004 18:22:05 -0000	1.1.1.1
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,6 +0,0 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: Connection, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: LOGIN, user=[[:alnum:]]+, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: LOGOUT, user=[[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: LOGOUT, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: DISCONNECTED, user=[[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imaplogin: DISCONNECTED, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
Index: rulefiles/linux/ignore.d.server/imapd-ssl
===================================================================
RCS file: rulefiles/linux/ignore.d.server/imapd-ssl
diff -N rulefiles/linux/ignore.d.server/imapd-ssl
--- rulefiles/linux/ignore.d.server/imapd-ssl	19 Apr 2004 18:22:05 -0000	1.1.1.1
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,6 +0,0 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: Connection, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: LOGIN, user=[[:alnum:]]+, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: DISCONNECTED, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: DISCONNECTED, user=[[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: LOGOUT, user=[[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: LOGOUT, ip=\[[.:[:alnum:]]+\]$
Index: rulefiles/linux/ignore.d.server/pop3d-ssl
===================================================================
RCS file: rulefiles/linux/ignore.d.server/pop3d-ssl
diff -N rulefiles/linux/ignore.d.server/pop3d-ssl
--- rulefiles/linux/ignore.d.server/pop3d-ssl	3 May 2004 22:12:19 -0000	1.2
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,3 +0,0 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Connection, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: LOGIN, user=[[:alnum:].*]+, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: (LOGOUT|TIMEOUT), user=[[:alnum:]@.]+, ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+$
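Review bot: The removed LOGIN rule accepted `*` in the user field (`user=[[:alnum:].*]+`), and the replacement class in the new courier file, `[-_.@[:alnum:]]+`, does not. If `*` was there on purpose, pop3d-ssl LOGIN lines with such user names will start being reported after this change; either carry `*` over or record the drop in the change description.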