[Logcheck-devel] Bug#296014: logcheck: ignore.d.server courier-pop 'DISCONNECTED' not matching
Jamie L. Penman-Smithson
jamie at silverdream.org
Sun Feb 20 02:26:26 UTC 2005
tag 296014 pending
thanks
On Sat, 2005-02-19 at 19:05 +0100, Ingo Theiss wrote:
> the courier-pop pattern for 'DISCONNECTED' does not match the following
> message:
>
> Feb 17 18:25:58 backup courierpop3login: DISCONNECTED,
> user=test at example.com, ip=[::ffff:111.111.111.111], top=0, retr=0,
> time=5
>
> seems like a typo prevents a match! here is the pattern from
> courier-pop:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login:
> (LOGOUT|TIMEOUT|DISCONNECTD), user=[-_.@[:alnum:]]+,
> ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+, time=[0-9]+(, stls=1)?$
>
> there is en 'E' missing in 'DISCONNECTD'!
I couldn't find this rule anywhere, however I've added the following
rule to CVS which matches the log message you gave:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (TIMEOUT|
DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\],
top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
Thanks for your report,
--
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
w: http://www.silverdream.org | p: sms at silverdream.org
pgp key @ http://silverdream.org/~jps/pub.key
21:30:02 up 17 min, 2 users, load average: 2.65, 2.52, 1.58
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050220/36d26b61/attachment.pgp
More information about the Logcheck-devel
mailing list