Hi,
I've Bug in my log report.
Oct 31 20:46:59 ks306288 dovecot: lda( <mailto:support at
mg-hebergement.com>
support at mg-hebergement.com): sieve: msgid=<
<mailto:20101031194659.AA62128EC08E at mail.mg-hebergement.com>
20101031194659.AA62128EC08E at mail.mg-hebergement.com>: stored mail into
mailbox 'INBOX'
Oct 31 20:46:59 ks306288 dovecot: dict: mysql: Connected to 127.0.0.1
(postfix)
Oct 31 20:47:03 ks306288 dovecot: pop3-login: Login: user=<
<mailto:paiements at stoglio-corporation.com>
paiements at stoglio-corporation.com>, method=PLAIN, rip=78.228.64.77,
lip=94.23.221.65, mpid=9906, TLS
Oct 31 20:47:03 ks306288 dovecot: pop3(
<mailto:paiements at stoglio-corporation.com>
paiements at stoglio-corporation.com): Disconnected: Logged out top=0/0,
retr=0/0, del=0/0, size=0
Oct 31 20:47:04 ks306288 dovecot: pop3-login: Login: user=<
<mailto:support at mg-hebergement.com> support at mg-hebergement.com>,
method=PLAIN, rip=78.228.64.77, lip=94.23.221.65, mpid=9908, TLS
Oct 31 20:47:04 ks306288 dovecot: pop3( <mailto:support at
mg-hebergement.com>
support at mg-hebergement.com): Disconnected: Logged out top=0/0, retr=1/5664,
del=1/1, size=5647
Oct 31 20:47:05 ks306288 dovecot: pop3-login: Login: user=<
<mailto:contact at stoglio-corporation.com> contact at
stoglio-corporation.com>,
method=PLAIN, rip=78.228.64.77, lip=94.23.221.65, mpid=9910, TLS
Oct 31 20:47:05 ks306288 dovecot: pop3(
<mailto:contact at stoglio-corporation.com> contact at
stoglio-corporation.com):
Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
My dovecot config (in logcheck ignore.d.server directory):
# pre 1.0
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login:
[.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login:
Disconnected \[[.:[:xdigit:]]+\]$
# 1.0 and beyond
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login:
user=<[-_.@[:alnum:]]+>,
method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5),
rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted
login: (user=<[-_.@[:alnum:]]+>,
method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5),
)?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login:
Disconnected: ((Too many invalid commands|Inactivity):
)?(user=<[-_.@[:alnum:]]+>,
)?(method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5),
)?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login:
Disconnected: Logged out$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted
login( \([[:digit:]]+ authentication attempts\))?: rip=[.:[:xdigit:]]+,
lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: POP3\([-_.@[:alnum:]]+\):
Disconnected(: Logged out| for inactivity|: Disconnected)?
top=[[:digit:]]+/[[:digit:]]+, retr=[[:digit:]]+/[[:digit:]]+,
del=[[:digit:]]+/[[:digit:]]+, size=[[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([-_.@[:alnum:]]+\):
Disconnected(: Logged out| for inactivity|: Disconnected| in [[:upper:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-build-param: SSL
parameters regeneration completed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\(-_.[[:alnum:]]+\):
(pg|my)sql: Connected to [-_.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) check
pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth:
pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\):
msgid=<[^[:space:]]+>( \((added by [^[:space:]]+|sfid-[_[:xdigit:]]+)\))?:
saved mail to [-_.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ deliver\([-_.@[:alnum:]]+\):
msgid=<[^[:space:]]+>?( \((added by
[^[:space:]]+|sfid-[_[:xdigit:]]+)\))?:
(saved mail to [-_.[:alnum:]]+|forwarded to <[^[:space:]]+>)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot:
auth-worker\([-_.[:alnum:]]+\): (pg|my)sql: Connected to [-_.[:alnum:]]+
\([-_.[:alnum:]]+\)$
# see #396760
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\):
client in: AUTH
[[:digit:]]+[[:space:]]+(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|dig
est)-md5)[[:space:]]+service=IMAP[[:space:]]+(secured
)?lip=[.:[:xdigit:]]+[[:space:]]+rip=[.:[:xdigit:]]+[[:space:]]+resp=<hidden>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\):
client in: CONT<hidden>
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\):
client out: CONT[[:space:]]+[[:digit:]]+[[:space:]]+[[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([-_.@[:alnum:]]+\):
Fixed index file /[-._/[:alnum:]&]+/dovecot\.index:
first_(recent|unseen)_uid_lowwater [[:digit:]]+ -> [[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([-_.@[:alnum:]]+\):
Connection closed(: Connection reset by peer)?$
Thanks for your help
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.alioth.debian.org/pipermail/logcheck-users/attachments/20101031/dc291caf/attachment.htm>