Bug#309084: [Logcheck-devel] Bug#309084: logcheck-database: new rule & minor fixes for proftpd
Tilman Koschnick
til at subnetz.org
Sat May 14 23:04:38 UTC 2005
On Sat, 2005-05-14 at 17:15 +0200, maximilian attems wrote:
> tags 309084 pending
> thanks
>
> On Sat, 14 May 2005, Tilman Koschnick wrote:
>
> > Hi,
> >
> > find attached an additional rule for proftpd, and some minor fixes
> > for the existing ones. Could you please include this in the database?
>
> thanks for the new rulefile,
> corrected dot match in bracket expressions.
>
> > Cheers, Til
>
>
> > --- logcheck/ignore.d.server/proftpd (revision 322)
> > +++ logcheck/ignore.d.server/proftpd (local)
> > @@ -1,3 +1,4 @@
> > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$
> > -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [\._[:alnum:]-]+: Login successful\.$
> > -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [\._[:alnum:]-]+( by \(uid=[0-9]+\))$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login successful\.$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/0.4: delaying for [0-9]+ usecs$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\)|)$
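Review bot: the added mod_delay rule (second `+` line) pins the module version as `mod_delay/0.4`, with the dot left unescaped, so the rule stops matching as soon as mod_delay logs a different version string and the delay messages show up in the logcheck report again. Matching the version generically, for example `mod_delay/[0-9.]+: delaying for [0-9]+ usecs$`, keeps the rule valid across proftpd upgrades. The client address class `[0-9.]{7,15}`, reused here from the existing rules, also only covers IPv4 peers; lines logged for IPv6 clients will not be ignored by any of these rules.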
>
> attached the current rules out of logcheck cvs.
> please test them.
> thanks for your feedback.
The rules are working fine, many thanks!
Til