[Logcheck-devel] no such user

martin f krafft madduck at debian.org
Tue Jul 4 21:50:07 UTC 2006

I have rules like this on my servers:

  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:
  [._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER
  [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+
  \[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$

basically, I just don't care about logins as nonexistent users,
I get so many of those that I don't even think about contacting
the netblock operators.

However, is it okay to filter messages of that sort in
ignore.d.server? I say yes, because there's also paranoid. But
I want a second opinion on this...

 .''`.     martin f. krafft <madduck at debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
"the good thing about standards is
 that there are so many to choose from."
                                                -- andrew s. tanenbaum
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060704/4879e30d/attachment.pgp 

More information about the Logcheck-devel mailing list