[Logcheck-commits] martin f. krafft: ignore auth failure messages when ruser and rip are known.

Martin F. Krafft madduck at alioth.debian.org
Sun Aug 31 19:24:12 UTC 2008


Module: logcheck
Branch: master
Commit: db3fa339145745030fec44ff3b65c11160741a91
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=db3fa339145745030fec44ff3b65c11160741a91

Author: martin f. krafft <madduck at debian.org>
Date:   Fri Jul 18 15:04:06 2008 +0200

ignore auth failure messages when ruser and rip are known.

---

 debian/changelog                        |    1 +
 rulefiles/linux/ignore.d.server/dovecot |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index a243c78..710a9d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ logcheck (1.2.68) unstable; urgency=low
 
   * ignore.d.server/dovecot:
     - ignore connection closed messages.
+    - ignore auth failure messages whe ruser and rip are known.
   * ignore.d.server/postfix:
     - ignore messages about untrusted cert issuers that have any of &(), in
       their name.
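Review bot: the added changelog line has a typo ("whe" for "when") and names the field "rip", while the rule it describes matches `rhost=`; suggest "ignore auth failure messages when ruser and rhost are known." so the entry can be found by searching for the field name that appears in the log and in the pattern.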
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index f4bf053..ae5d4e6 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -1,7 +1,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \[[.:[:xdigit:]]+\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\): msgid=<[^[:space:]]+>( \((added by [^[:space:]]+|sfid-[_[:xdigit:]]+)\))?: saved mail to [-_.[:alnum:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
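Review bot: the changed `dovecot-auth: \(pam_unix\)` rule now ignores authentication failures that carry a populated `ruser=` and `rhost=`, which are the lines that let an admin see repeated failed logins from one address; the changelog should say why these are safe to drop on servers, or the populated-rhost case should stay out of ignore.d.server. The `pam_unix\(dovecot:[[:alnum:]]+\)` variant two lines below still requires empty `ruser= rhost=`, so the two log formats are now filtered differently; apply the same optional groups there or note why it is left alone. The rhost class `[.:[:xdigit:]]+` only matches numeric addresses, so a failure logged with a hostname in `rhost=` would still be reported, which is worth confirming as intended.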



