[Logcheck-devel] dovecot message coming through filters

martin f krafft madduck at debian.org
Thu Jul 6 09:02:25 UTC 2006


Okay, this confuses the hell out of me:

  [System Events]
  Jul  6 10:48:23 seamus dovecot: pop3-login: Login: user=<madduck at belligerence.net>, method=PLAIN, rip=84.72.30.149, lip=213.203.238.82, TLS

and here's the filter in ignore.d.server:

  ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$

Also:

seamus:~> echo "Jul  6 10:48:23 seamus dovecot: pop3-login: Login: user=<madduck at belligerence.net>, method=PLAIN, rip=84.72.30.149, lip=213.203.238.82, TLS" | egrep -c "^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$"                                          
1

Yet, for every POP3 (or IMAP) login, I get a logcheck mail. What's
going on?

-- 
 .''`.     martin f. krafft <madduck at debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
darwinism is nothing without enough dead bodies.