[Logcheck-devel] Bug#270191: logcheck: rules for perdition
Jamie L. Penman-Smithson
jamie at silverdream.org
Mon Sep 6 01:24:33 UTC 2004
Package: logcheck
Version: 1.2.26
Severity: minor
Running perdition (an IMAP and POP proxy) means a lot of messages to syslog:
Sep 6 01:10:13 evenstar perdition[27813]: Connect: 82.133.58.132->82.133.58.132
Sep 6 01:10:14 evenstar perdition[27813]: Auth: 82.133.58.132->82.133.58.132 user="accounts.pinklemon.net" server="lorien.silverdream.org" port="110" status="ok"
Sep 6 01:10:14 evenstar perdition[27813]: Close: 82.133.58.132->82.133.58.132 user="accounts.pinklemon.net" received=12 sent=14
Sep 6 01:10:14 evenstar perdition[27814]: Connect: 82.133.58.132->82.133.58.132
Sep 6 01:10:14 evenstar perdition[27814]: Auth: 82.133.58.132->82.133.58.132 user="postmaster.pinklemon.net" server="lorien.silverdream.org" port="110" status="ok"
Sep 6 01:10:14 evenstar perdition[27814]: Close: 82.133.58.132->82.133.58.132 user="postmaster.pinklemon.net" received=12 sent=14
The following regexps match the above messages; they've been tested to
work on my system:
Connect:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $
Auth:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Auth: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" server=\"[[:alnum:]+[:punct:]]+\" port=\"[0-9]+\" status=\"ok\"$
Close:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Close: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" received=[0-9]+ sent=[0-9]+$
Thanks for all the effort you've put into logcheck :)
--
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
w: http://www.silverdream.org | p: sms at silverdream.org
pgp key @ http://silverdream.org/~jps/pub.key
04:30:01 up 2 days, 13:39, 13 users, load average: 2.10, 2.19, 2.31
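
Added example (not part of the original post and not logcheck's own code): a shell check that runs constructed syslog lines through the three rules with grep -E -v -f, the way logcheck applies its ignore files, and prints what would still be reported. Assumptions: GNU grep (for \w), a day field padded to two characters ("Sep  6"), a trailing space on the Connect line as the rule's " $" implies, and a hypothetical status="failed" line; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify that the perdition ignore rules suppress routine
# lines but still let a non-"ok" Auth line through to the report.

# Rules copied verbatim from the post (the Connect rule ends in a space before $).
write_rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Auth: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" server=\"[[:alnum:]+[:punct:]]+\" port=\"[0-9]+\" status=\"ok\"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Close: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" received=[0-9]+ sent=[0-9]+$
EOF
}

# Constructed sample input modelled on the lines quoted in the post.
sample_log() {
    h='Sep  6 01:10:13 evenstar perdition[27813]:'   # day padded: "Sep  6"
    ip='82.133.58.132->82.133.58.132'
    # Assumption: the real Connect line ends in a space, as the rule expects.
    printf '%s Connect: %s \n' "$h" "$ip"
    printf '%s Auth: %s user="accounts.pinklemon.net" server="lorien.silverdream.org" port="110" status="ok"\n' "$h" "$ip"
    printf '%s Close: %s user="accounts.pinklemon.net" received=12 sent=14\n' "$h" "$ip"
    # Hypothetical failure line: must NOT be filtered by the Auth rule.
    printf '%s Auth: %s user="accounts.pinklemon.net" server="lorien.silverdream.org" port="110" status="failed"\n' "$h" "$ip"
}

# Print the lines that no rule matches, i.e. what would still be reported.
unmatched() {
    rules=$(mktemp) || return 1
    write_rules > "$rules"
    rc=0
    sample_log | grep -E -v -f "$rules" || rc=$?
    rm -f "$rules"
    # grep exits 1 when every line was filtered; 2 or more is a real error.
    [ "$rc" -le 1 ]
}

unmatched
```

Only the status="failed" line should be printed; if a routine line shows up as well, compare its spacing with the rule before loosening the pattern.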