[Logcheck-devel] Bug#451118: logcheck: Suggested couriertcpd rules

Andrew Gallagher andrewg at andrewg.com
Tue Nov 13 14:10:13 UTC 2007


Package: logcheck
Version: 1.2.63
Severity: wishlist
Tags: patch

There are currently no rules matching couriertcpd. I have found the following
work with courier-imap-ssl <= 4.2.0-1 and courier-base <= 0.57.0-1 . It may
be worth merging these with the other courier rulesets.


^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\], command=(CAPABILITY|AUTHENTICATE|LOGIN)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\], username=[._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN, user=[._[:alnum:]-]+, ip=\[[.:[:alnum:]]+\], port=\[[[:digit:]]+\], protocol=(POP|IMAP)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=\[[.:[:alnum:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Disconnected, ip=\[[.:[:alnum:]]+\], time=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+, rcvd=[0-9]+, sent=[0-9]+, time=[0-9]+$



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.18-xenU-xp070519 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser          3.105                   add and remove users and groups
ii  cron             3.0pl1-100              management of regular background p
ii  lockfile-progs   0.1.11                  Programs for locking and unlocking
ii  logtail          1.2.63                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20070424cvs-1 A simple mail user agent
ii  postfix [mail-tr 2.4.5-3                 High-performance mail transport ag
ii  sysklogd [system 1.5-1                   System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.63     database of system log rules for t

-- debconf information:
  logcheck/changes:
* logcheck/install-note:
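
Added example, not part of the original report: a quick check of the six proposed rules against sample log lines, assuming they are applied as extended regular expressions with GNU grep (needed for \w). The log lines are constructed for illustration, and rules, sample_log and surviving_lines are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: print the sample lines that none of the proposed rules match,
# i.e. the lines that would still be reported after filtering.

rules() {   # the six rules exactly as posted in the report
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\], command=(CAPABILITY|AUTHENTICATE|LOGIN)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN: ip=\[[.:[:alnum:]]+\], username=[._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: LOGIN, user=[._[:alnum:]-]+, ip=\[[.:[:alnum:]]+\], port=\[[[:digit:]]+\], protocol=(POP|IMAP)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=\[[.:[:alnum:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Disconnected, ip=\[[.:[:alnum:]]+\], time=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+, rcvd=[0-9]+, sent=[0-9]+, time=[0-9]+$
EOF
}

sample_log() {   # constructed lines (documentation IP range), not real server output
cat <<'EOF'
Nov 13 14:10:13 mail couriertcpd: LOGIN: ip=[::ffff:192.0.2.10], command=AUTHENTICATE
Nov 13 14:10:13 mail couriertcpd: LOGIN, user=alice, ip=[::ffff:192.0.2.10], port=[51234], protocol=IMAP
Nov 13 14:10:14 mail couriertcpd: LOGOUT, user=alice@example.org, ip=[::ffff:192.0.2.10], headers=0, body=0, rcvd=42, sent=310, time=1
Nov 13 14:10:15 mail couriertcpd: Connection, ip=[::ffff:192.0.2.10]
Nov 13 14:10:15 mail couriertcpd: Disconnected, ip=[::ffff:192.0.2.10], time=0
Nov 13 14:10:16 mail couriertcpd: LOGIN: ip=[::ffff:192.0.2.10], username=alice@example.org
Nov 13 14:10:17 mail couriertcpd: LOGIN FAILED, user=alice, ip=[::ffff:192.0.2.10]
EOF
}

surviving_lines() {
    local rulefile
    rulefile=$(mktemp)
    # A blank line in a grep pattern file matches every input line, which
    # would silently suppress everything, so the rule file must contain none.
    rules > "$rulefile"
    # -v inverts the match: keep only lines that no rule recognises.
    sample_log | LC_ALL=C grep -E -v -f "$rulefile"
    rm -f "$rulefile"
}

surviving_lines
```

Two sample lines survive: the constructed LOGIN FAILED line, which no rule is meant to cover, and the username= line carrying an "@", because the character class in the second rule omits "@" while the class in the last rule includes it.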





