[Logcheck-commits] martin f. krafft: ignore auth failure messages whe ruser and rip are known.
Martin F. Krafft
madduck at alioth.debian.org
Sun Aug 31 19:24:12 UTC 2008
Module: logcheck
Branch: master
Commit: db3fa339145745030fec44ff3b65c11160741a91
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=db3fa339145745030fec44ff3b65c11160741a91
Author: martin f. krafft <madduck at debian.org>
Date: Fri Jul 18 15:04:06 2008 +0200
ignore auth failure messages whe ruser and rip are known.
---
debian/changelog | 1 +
rulefiles/linux/ignore.d.server/dovecot | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index a243c78..710a9d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ logcheck (1.2.68) unstable; urgency=low
* ignore.d.server/dovecot:
- ignore connection closed messages.
+ - ignore auth failure messages whe ruser and rip are known.
* ignore.d.server/postfix:
- ignore messages about untrusted cert issuers that have any of &(), in
their name.
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index f4bf053..ae5d4e6 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -1,7 +1,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \[[.:[:xdigit:]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\): msgid=<[^[:space:]]+>( \((added by [^[:space:]]+|sfid-[_[:xdigit:]]+)\))?: saved mail to [-_.[:alnum:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
More information about the Logcheck-commits
mailing list