[Logcheck-devel] Rules for pure-ftpd [INFO] messages
maximilian attems
debian at sternwelten.at
Tue Feb 15 09:26:09 UTC 2005
On Tue, 15 Feb 2005, Jamie L. Penman-Smithson wrote:
> Hey all,
>
> In bug #295254 the submitted suggested added one rule for all [INFO]
> messages, something like:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd:
> \([.[:alnum:]-]+@[._[:alnum:]-]+\) \[INFO\].*$
i object.
> AFAIK using .* means using more resources when logcheck applies it
> against every log message, at least that's how I remember it, but my
> memory is a bit sketchy..
that's correct. :)
> Rather than adding umpteen rules for every [INFO] message, would it be
> better to use one rule with .* ..?
pure-ftpd has quite a security record,
anyway please keep '.*' for remotely passed strings
to the particular daemon.
afair examples of usages are in the postfix rules set.
thanks for working out the [INFO] messages.
--
maks
ps thought that you were subscribed, so didn't cc you.
hope that's ok?
More information about the Logcheck-devel
mailing list