[Logcheck-commits] martin f. krafft: * ignore.d.server/courier:
Gerfried Fuchs
alfie at alioth.debian.org
Wed Jul 16 11:03:46 UTC 2008
Module: logcheck
Branch: etch-backports
Commit: 57b6efa715d193ec256d6d8ff5e3daeafd78529c
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=57b6efa715d193ec256d6d8ff5e3daeafd78529c
Author: martin f. krafft <madduck at debian.org>
Date: Tue Jun 24 19:34:30 2008 +0100
* ignore.d.server/courier:
- update rules to include port information; thanks to Antoine Pardignon
(closes: #446310).
---
debian/changelog | 3 +++
rulefiles/linux/ignore.d.server/courier | 20 ++++++++++----------
2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index c8990e6..b665813 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,9 @@ logcheck (1.2.65) unstable; urgency=low
(closes: #483214)
* ignore.d.server/imapproxy:
- ignore failures to read from client socket (closes: #482523).
+ * ignore.d.server/courier:
+ - update rules to include port information; thanks to Antoine Pardignon
+ (closes: #446310).
-- martin f. krafft <madduck at debian.org> Tue, 24 Jun 2008 18:56:26 +0100
diff --git a/rulefiles/linux/ignore.d.server/courier b/rulefiles/linux/ignore.d.server/courier
index eb82c88..8593420 100644
--- a/rulefiles/linux/ignore.d.server/courier
+++ b/rulefiles/linux/ignore.d.server/courier
@@ -1,15 +1,15 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Connection, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, protocol=IMAP)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Connection, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?(, protocol=IMAP)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: starting client module$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): authdaemon: ACCEPT, username [@._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, ip=\[[.:[:alnum:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[0-9]+)?(, starttls=[01])?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+(, time=[0-9]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, headers=[0-9]+, body=[0-9]+(, rcvd=[[:digit:]]+, sent=[[:digit:]]+)?(, time=[0-9]+)?(, starttls=[01])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\](, port=\[[[:digit:]]+\])?, top=[0-9]+, retr=[0-9]+(, time=[0-9]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): Unexpected SSL connection shutdown\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ((imap|pop3)(login|d-ssl)|couriertcpd): couriertls: read: Connection (reset by peer|timed out)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ authdaemond.plain: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [0-9]+ attempt\(s\))$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=[:.[:xdigit:]]+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ couriertcpd: Connection, ip=[:.[:xdigit:]](, port=\[[[:digit:]]+\])?+
More information about the Logcheck-commits
mailing list