Bug#253861: [Logcheck-devel] Bug#253861: logcheck: Please add support for imapproxy

Bojan Baros bojan at blis.dyndns.org
Mon Jun 14 22:16:08 UTC 2004


Bojan Baros said:
> maks attems said:
>> On Fri, 11 Jun 2004, Bojan Baros wrote:
>>
>>> maks attems said:
>>> > could you please test the attached rules on your server.
>>> > put it inside /etc/logcheck/ignore.d.server
>>> > (assuming you are not using paranoid mode).
>>> > hope to read you soon.
>>>
>>> It did not work.  I think there may be some spacing issues.
>>
>> well so try to correct them. :)
>>
>>> I have produced and tested my own regexpes, and they are attached to
>>> this
>>> email.
>>
>>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT:
>>> '"\w+"' from server sd \[[0-9]+\]
>>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN:
>>> '"\w+"' \([.0-9]+:[0-9]+\) on existing sd \[[0-9]+\]
>>
>> i see, but
>> *) those don't end with a '$', so don't match a hole line
>> *) \w+ is not sufficient for a username [_[:alnum:]-]+ is
>> *) [.0-9]+ for an ip should be at least [.0-9]{7,15}
>>
>> please correct those issues in you rules
>> or fix the ones i sent you.
>>
>> i'll merge that to logcheck cvs.
>> a++ maks
>
>
> I appologize for the misunderstanding.
>
> Attached is modified imapproxy filter, based on your original ones.
>
> About some of the pointed out mistakes, I only got the ideas from other
> files.  If you want, I can identify some of those files and modify them to
> meet the specs.
>
> Thank you.
>
> Bojan

Hello Maks.

I have discovered another 2 messages created by imapproxy that should be
ignored.  Attached is the new (tested) imapproxy ignore file with updated
expressions.

Bojan
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: imapproxy
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040614/3effad06/attachment.txt 


More information about the Logcheck-devel mailing list