[Logcheck-commits] martin f. krafft: * ignore.d.server/courier:

Gerfried Fuchs alfie at alioth.debian.org
Wed Jul 16 11:03:46 UTC 2008 

Module: logcheck
Branch: etch-backports
Commit: 57b6efa715d193ec256d6d8ff5e3daeafd78529c
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=57b6efa715d193ec256d6d8ff5e3daeafd78529c

Author: martin f. krafft <madduck at debian.org>
Date:   Tue Jun 24 19:34:30 2008 +0100

* ignore.d.server/courier:
  - update rules to include port information; thanks to Antoine Pardignon
    (closes: #446310).

---

 debian/changelog                        |    3 +++
 rulefiles/linux/ignore.d.server/courier |   20 ++++++++++----------
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c8990e6..b665813 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,9 @@ logcheck (1.2.65) unstable; urgency=low
       (closes: #483214)
   * ignore.d.server/imapproxy:
     - ignore failures to read from client socket (closes: #482523).
+  * ignore.d.server/courier:
+    - update rules to include port information; thanks to Antoine Pardignon
+      (closes: #446310).
 
  -- martin f. krafft <madduck at debian.org>  Tue, 24 Jun 2008 18:56:26 +0100
 
diff --git a/rulefiles/linux/ignore.d.server/courier b/rulefiles/linux/ignore.d.server/courier
index eb82c88..8593420 100644
--- a/rulefiles/linux/ignore.d.server/courier
+++ b/rulefiles/linux/ignore.d.server/courier
@@ -1,15 +1,15 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Connection, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, protocol=IMAP)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Connection, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?(, protocol=IMAP)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: starting client module$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: ACCEPT, username [@._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[0-9]+)?(, starttls=[01])?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+(, time=[0-9]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[0-9]+)?(, starttls=[01])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[0-9]+, retr=[0-9]+(, time=[0-9]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Unexpected SSL connection shutdown\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): couriertls: read: Connection (reset by peer|timed out)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ authdaemond.plain: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [0-9]+ attempt\(s\))$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=[:.[:xdigit:]]+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=[:.[:xdigit:]](, port=\[[[:digit:]]+\])?+

More information about the Logcheck-commits mailing list