[Logcheck-commits] r1339 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Tue Nov 14 01:31:09 CET 2006 

Author: madduck
Date: 2006-11-14 01:31:09 +0100 (Tue, 14 Nov 2006)
New Revision: 1339

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/ignore.d.server/courier
Log:
* ignore.d.server/courier: cleanup to match some more messages reported by
  Enrique Garcia (closes: #395265).

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-11-14 00:22:56 UTC (rev 1338)
+++ logcheck/trunk/debian/changelog	2006-11-14 00:31:09 UTC (rev 1339)
@@ -61,8 +61,10 @@
     Alexander Gerasiov (closes: #398163).
   * ignore.d.server/amandad: ignore messages with resolved hostnames instead
     of IPs; thanks to Jan Evert van Grootheest (closes: #396407).
+  * ignore.d.server/courier: cleanup to match some more messages reported by
+    Enrique Garcia (closes: #395265).
 
- -- martin f. krafft <madduck at debian.org>  Tue, 14 Nov 2006 01:22:17 +0100
+ -- martin f. krafft <madduck at debian.org>  Tue, 14 Nov 2006 01:30:27 +0100
 
 logcheck (1.2.50) unstable; urgency=low
 

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/courier
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/courier	2006-11-14 00:22:56 UTC (rev 1338)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/courier	2006-11-14 00:31:09 UTC (rev 1339)
@@ -1,17 +1,15 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): Connection, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], protocol=IMAP$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): authdaemon: starting client module$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): authdaemon: ACCEPT, username [@._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Connection, ip=\[[.:[:alnum:]]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, protocol=IMAP)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: starting client module$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: ACCEPT, username [@._[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): DISCONNECTED, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): DISCONNECTED, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): DISCONNECTED, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+, time=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3(login|d-ssl): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+(, time=[0-9]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[0-9]+)?(, starttls=[01])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+(, time=[0-9]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: couriertls: read: Connection reset by peer$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): (LOGOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+, time=[0-9]+, starttls=[01]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ authdaemond.plain: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [0-9]+ attempt\(s\))$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=[::ffff:192.168.XX.XX]

More information about the Logcheck-commits mailing list