[Logcheck-commits] Hanspeter Kunz: ignore.d.server/dovecot: ignore even more authentication failure messages
Hanspeter Kunz
hp-guest at alioth.debian.org
Sat Aug 1 12:35:50 UTC 2009
Module: logcheck
Branch: master
Commit: e63cc95dc2db0c2024638bdc987c3960b4f97c5b
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=e63cc95dc2db0c2024638bdc987c3960b4f97c5b
Author: Hanspeter Kunz <hkunz at ifi.uzh.ch>
Date: Sat Aug 1 14:27:15 2009 +0200
ignore.d.server/dovecot: ignore even more authentication failure messages
---
debian/changelog | 3 ++-
rulefiles/linux/ignore.d.server/dovecot | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 46bb981..7bccb8e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ logcheck (1.3.3) experimental; urgency=low
* ignore.d.server/dovecot
- merged the two rules on aborted logins (thereby matching more cases)
- ignore more authentication failure messages
+ - ignore even more authentication failure messages
* ignore.d.server/vacation (NEW)
- ignore complaints on mails with no initial from line
* ignore.d.server/postfix
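Review bot: the added entry "ignore even more authentication failure messages" sits directly under "ignore more authentication failure messages" and does not say what is different this time. Suggest folding the two into a single entry that names the case covered, for example that the pam_unix(dovecot:...) authentication failure rule now also matches lines where ruser, rhost and user are filled in, so a reader of the changelog can tell which log lines stop being reported.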
@@ -13,7 +14,7 @@ logcheck (1.3.3) experimental; urgency=low
* ignore.d.server/ssh
- ignore pam_unix(sshd:auth) user unknown messages
- -- Hanspeter Kunz <hkunz at ifi.uzh.ch> Sat, 01 Aug 2009 13:57:49 +0200
+ -- Hanspeter Kunz <hkunz at ifi.uzh.ch> Sat, 01 Aug 2009 14:24:09 +0200
logcheck (1.3.2) experimental; urgency=low
diff --git a/rulefiles/linux/ignore.d.server/dovecot b/rulefiles/linux/ignore.d.server/dovecot
index 7e0ebd6..c68b9b4 100644
--- a/rulefiles/linux/ignore.d.server/dovecot
+++ b/rulefiles/linux/ignore.d.server/dovecot
@@ -2,7 +2,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\): msgid=<?[^:\(]*>?( \((added by [^[:space:]]+|sfid-[_[:xdigit:]]+)\)?)?: (saved mail to [-_.[:alnum:]]+|forwarded to <[^[:space:]]+>)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?( user=[-_.@[:alnum:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) check pass; user unknown$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=([-_.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?( user=[-_.@[:alnum:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
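Review bot: on the added pam_unix\(dovecot:...\) line, the optional ruser, rhost and user groups mean failed logins that carry a remote address and an account name are now dropped from server-level reports, whereas the removed rule only ignored the empty "ruser= rhost=" form. Together with the Aborted login rule in the trailing context, which already ignores the "N authentication attempts" count, repeated password guessing against dovecot from one address would no longer surface through logcheck at this level. That trade-off deserves a sentence in the commit message or changelog so administrators know these failures have to be counted by some other means. As a style point, the tail of the new rule is identical to the older \(pam_unix\) authentication failure rule in the same file, so the two could be merged into one line with an alternation on the prefix, as was done for the aborted-login rules.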