[Logcheck-devel] no such user
martin f krafft
madduck at debian.org
Tue Jul 4 21:50:07 UTC 2006
I have rules like this on my servers:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:
[._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER
[-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+
\[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$
basically, I just don't care about logins as nonexistent users,
I get so many of those that I don't even think about contacting
the netblock operators.
However, is it okay to filter messages of that sort in
ignore.d.server? I say yes, because there's also paranoid. But
I want a second opinion on this...
--
.''`. martin f. krafft <madduck at debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
"the good thing about standards is
that there are so many to choose from."
-- andrew s. tanenbaum
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060704/4879e30d/attachment.pgp
More information about the Logcheck-devel
mailing list