[Logcheck-devel] Bug#270191: logcheck: rules for perdition

Jamie L. Penman-Smithson jamie at silverdream.org
Mon Sep 6 01:24:33 UTC 2004


Package: logcheck
Version: 1.2.26
Severity: minor

Running perdition (an IMAP and POP proxy) means a lot of messages to syslog:

Sep  6 01:10:13 evenstar perdition[27813]: Connect: 82.133.58.132->82.133.58.132
Sep  6 01:10:14 evenstar perdition[27813]: Auth: 82.133.58.132->82.133.58.132 user="accounts.pinklemon.net" server="lorien.silverdream.org" port="110" status="ok"
Sep  6 01:10:14 evenstar perdition[27813]: Close: 82.133.58.132->82.133.58.132 user="accounts.pinklemon.net" received=12 sent=14
Sep  6 01:10:14 evenstar perdition[27814]: Connect: 82.133.58.132->82.133.58.132
Sep  6 01:10:14 evenstar perdition[27814]: Auth: 82.133.58.132->82.133.58.132 user="postmaster.pinklemon.net" server="lorien.silverdream.org" port="110" status="ok"
Sep  6 01:10:14 evenstar perdition[27814]: Close: 82.133.58.132->82.133.58.132 user="postmaster.pinklemon.net" received=12 sent=14

The following regexps match the above messages; they've been tested to
work on my system:

Connect:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $
Auth:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Auth: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" server=\"[[:alnum:]+[:punct:]]+\" port=\"[0-9]+\" status=\"ok\"$
Close:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Close: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" received=[0-9]+ sent=[0-9]+$

Thanks for all the effort you've put into logcheck :)

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
 w: http://www.silverdream.org | p: sms at silverdream.org
 pgp key @ http://silverdream.org/~jps/pub.key
 04:30:01 up 2 days, 13:39, 13 users,  load average: 2.10, 2.19, 2.31
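
Added example, not part of the original message or of logcheck: a shell check that runs the three posted rules through grep -E (the matcher logcheck uses) against lines rebuilt from the syslog excerpt. It assumes GNU grep; the status="failed" value and the variable and function names are constructed for illustration. It shows that only status="ok" Auth lines are dropped, and that the Connect rule as posted needs a trailing space after the address pair.

```shell
#!/bin/sh
# Added example (not from the report): run the three proposed rules with
# grep -E, the matcher logcheck uses. Assumes GNU grep (\w is an extension).

# Rules copied verbatim from the message above.
RULE_CONNECT='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $'
RULE_AUTH='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Auth: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" server=\"[[:alnum:]+[:punct:]]+\" port=\"[0-9]+\" status=\"ok\"$'
RULE_CLOSE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Close: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" received=[0-9]+ sent=[0-9]+$'

# Returns 0 when some rule matches the line, i.e. logcheck would drop it.
# stderr is discarded: some grep versions warn about the redundant \" escapes.
ignored() {
    printf '%s\n' "$1" |
        grep -Eq -e "$RULE_CONNECT" -e "$RULE_AUTH" -e "$RULE_CLOSE" 2>/dev/null
}

# Sample lines rebuilt from the syslog excerpt in the message.
PFX='Sep  6 01:10:14 evenstar perdition[27813]:'
PAIR='82.133.58.132->82.133.58.132'
USER_OK='user="accounts.pinklemon.net"'
SERVER='server="lorien.silverdream.org" port="110"'

CONNECT_SP="$PFX Connect: $PAIR "    # trailing space, as the rule's " $" requires
CONNECT_NOSP="$PFX Connect: $PAIR"   # as the line appears in the archived mail
AUTH_OK="$PFX Auth: $PAIR $USER_OK $SERVER status=\"ok\""
CLOSE_OK="$PFX Close: $PAIR $USER_OK received=12 sent=14"
# Constructed line: only the status value differs. "failed" is a placeholder,
# not a value taken from perdition's output.
AUTH_NOT_OK="$PFX Auth: $PAIR $USER_OK $SERVER status=\"failed\""

# Print what would be filtered and what would still reach the logcheck report.
for line in "$CONNECT_SP" "$CONNECT_NOSP" "$AUTH_OK" "$CLOSE_OK" "$AUTH_NOT_OK"; do
    if ignored "$line"; then
        echo "ignored : $line"
    else
        echo "REPORTED: $line"
    fi
done
```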
