Bug#327088: [Logcheck-devel] Bug#327088: logcheck-database: dovecot logins appear after new regexp syntax
Jamie L. Penman-Smithson
jamie at silverdream.org
Wed Oct 12 00:47:48 UTC 2005
package logcheck-database
tags 327088 pending
thanks
On Thu, 2005-10-06 at 04:28 +0200, Morten 'Doc' Nielsen wrote:
> from what i can see, your new log format does not hide regular logins,
> so now my logcheck email is full of lines like this:
>
> Oct 5 20:02:03 docnielsen dovecot: imap-login: Login: user=<doc>, method=PLAIN, rip=192.168.1.123, lip=192.168.1.123, TLS
I've added the following rule for the new log message format in dovecot
1.0:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login:
user=<[.[:alnum:]@-]+>, method=(PLAIN|LOGIN|(CRAM|DIGEST)-MD5),
rip=(::ffff:)?[.[:digit:]]+, lip=(::ffff:)?[.[:digit:]]+(, TLS)?$
It'll be included in the next release.
Thanks,
--
-Jamie L. Penman-Smithson <jamie at silverdream.org>
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: oubliette.z at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051012/f20bfc7c/attachment.pgp
More information about the Logcheck-devel
mailing list