[Logcheck-commits] r1344 - logcheck/trunk/rulefiles/linux/ignore.d.server

madduck at users.alioth.debian.org
Tue Nov 14 11:59:20 CET 2006


Author: madduck
Date: 2006-11-14 11:59:20 +0100 (Tue, 14 Nov 2006)
New Revision: 1344

Modified:
   logcheck/trunk/rulefiles/linux/ignore.d.server/dovecot
Log:
better filtering for aborted logins

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/dovecot
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/dovecot	2006-11-14 02:06:57 UTC (rev 1343)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/dovecot	2006-11-14 10:59:20 UTC (rev 1344)
@@ -3,7 +3,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \[[.:[:xdigit:]]+\]$
 # 1.0 and beyond
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login \[[.:[:xdigit:]]+]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: (user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Too many invalid commands: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Inactivity: (method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
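
Review bot: The removed line was the only rule for the bracketed `Aborted login \[...]` form, so any host still logging that format will see those lines in its reports again after this change. If that form is still emitted anywhere, keep the old rule alongside the bracketed `Disconnected \[...\]` rule at the top of the hunk instead of dropping it. In the added line the optional group requires `user=` and `method=` together, while the `Disconnected: Inactivity:` rule two lines below makes only `method=` optional; it is worth checking against real log samples that an aborted login never carries `method=` without `user=`, since such a line would not match. The added rule also places aborted logins that already named a user on the `ignore.d.server` list, which takes repeated aborted attempts from one `rip` against one account out of the report; the log message should say why that is acceptable and which Dovecot version's format this targets.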



