Bug#309084: [Logcheck-devel] Bug#309084: logcheck-database: new rule & minor fixes for proftpd

Tilman Koschnick til at subnetz.org
Sat May 14 23:04:38 UTC 2005


On Sat, 2005-05-14 at 17:15 +0200, maximilian attems wrote:
> tags 309084 pending
> thanks
> 
> On Sat, 14 May 2005, Tilman Koschnick wrote:
> 
> > Hi,
> > 
> > find attached an additional rule for proftpd, and some minor fixes
> > for the existing ones. Could you please include this in the database?
> 
> thanks for the new rulefile,
> corrected dot match in bracket expressions.
>  
> > Cheers, Til
> 
>  
> > --- logcheck/ignore.d.server/proftpd  (revision 322)
> > +++ logcheck/ignore.d.server/proftpd  (local)
> > @@ -1,3 +1,4 @@
> >  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$
> > -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [\._[:alnum:]-]+: Login successful\.$
> > -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [\._[:alnum:]-]+( by \(uid=[0-9]+\))$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login successful\.$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/0.4: delaying for [0-9]+ usecs$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\)|)$
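
Review bot: The added mod_delay rule pins the module version as the literal `mod_delay/0.4`, with the dot left unescaped. The line will stop being ignored as soon as proftpd logs a different mod_delay version, and the messages will reappear in logcheck reports. Matching the version generically, for example `mod_delay/[0-9.]+: delaying for [0-9]+ usecs$`, would avoid that. In the pam_unix rule, the empty alternative in `( by \(uid=[0-9]+\)|)` would read more clearly as `( by \(uid=[0-9]+\))?`.
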
> 
> attached the current rules out of logcheck cvs.
> please test them.
> thanks for your feedback.

The rules are working fine, many thanks!

Til





