[Logcheck-devel] [PATCH] enhanced rule(s) for deliver (dovecot)
Hanspeter Kunz
hkunz at ifi.uzh.ch
Mon Dec 29 13:38:58 UTC 2008
changes to rulefiles/linux/ignore.d.server/dovecot:
* removed obsolete rule for deliver (that matched only a subset of
patterns)
* added support for numerical msgids
* ignore discarded duplicate forwards
* don't care about spaces between msgid and :
Signed-off-by: Hanspeter Kunz <hkunz at ifi.uzh.ch>
---
rulefiles/linux/ignore.d.server/dovecot | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/dovecot
b/rulefiles/linux/ignore.d.server/dovecot
index d20953f..ac4e8e7 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -1,6 +1,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login:
Disconnected \[[.:[:xdigit:]]+\]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\):
msgid=<[^[:space:]]+>( \((added by [^[:space:]]+|
sfid-[_[:xdigit:]]+)\))?: saved mail to [-_.[:alnum:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\):
msgid=<[^[:space:]]+>?( \((added by [^[:space:]]+|
sfid-[_[:xdigit:]]+)\))?: (saved mail to [-_.[:alnum:]]+|forwarded to
<[^[:space:]]+>)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\):
msgid=(<[^[:space:]]+>?|[[:alnum:]]+)( \((added by [^[:space:]]+|
sfid-[_[:xdigit:]]+)\))?[[:space:]]*: (saved mail to
[-_.[:alnum:]]+|(discarded duplicate forward|forwarded) to
<[^[:space:]]+>)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\)
authentication failure; logname= uid=0 euid=0 tty=dovecot
ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\)
check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix
\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0
tty=dovecot ruser= rhost=$
--
1.5.6.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20081229/1c7f967b/attachment.pgp
More information about the Logcheck-devel
mailing list