[Logcheck-devel] Rules for pure-ftpd [INFO] messages

maximilian attems debian at sternwelten.at
Tue Feb 15 09:26:09 UTC 2005


On Tue, 15 Feb 2005, Jamie L. Penman-Smithson wrote:

> Hey all,
> 
> In bug #295254 the submitted suggested added one rule for all [INFO]
> messages, something like:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd:
> \([.[:alnum:]-]+@[._[:alnum:]-]+\) \[INFO\].*$

i object.
 
> AFAIK using .* means using more resources when logcheck applies it
> against every log message, at least that's how I remember it, but my
> memory is a bit sketchy..

that's correct. :)
 
> Rather than adding umpteen rules for every [INFO] message, would it be
> better to use one rule with .* ..?

pure-ftpd has quite a security record,
anyway please keep '.*' for remotely passed strings
to the particular daemon.
afair examples of usages are in the postfix rules set.

thanks for working out the [INFO] messages.

--
maks

ps thought that you were subscribed, so didn't cc you.
   hope that's ok?





More information about the Logcheck-devel mailing list