Bojan Baros
2004-Jun-11 14:12 UTC
[Logcheck-devel] Bug#253861: logcheck: Please add support for imapproxy
Package: logcheck
Version: 1.2.22a
Severity: wishlist
There is no support for imapproxy, and it would be a great help if it
was added. Following are two sample lines from the syslog:
Jun 11 09:36:55 MyHost in.imapproxyd[30845]: LOGOUT:
'"MyUser"' from
server sd [13]
Jun 11 09:37:02 MyHost in.imapproxyd[30846]: LOGIN: '"MyUser"'
(xxx.xxx.xxx.xx:yyyyy) on existing sd [13]
It's untested, but I think following regexes would work:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT:
'"\w+"' from server sd \[[:digit:]\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN:
'"\w+"' \([._[:alnum:]-]+:[0-9]+\) on existing sd
\[[:digit:]\]
Thank you for creating a very usefull tool.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: sparc
Kernel: Linux 2.4.21
Locale: LANG=C, LC_CTYPE=C
Versions of packages logcheck depends on:
ii adduser 3.56 Add and remove users and groups
ii cron 3.0pl1-83 management of regular background p
ii debconf [debconf 1.4.28 Debian configuration management sy
ii debianutils 2.8.2 Miscellaneous utilities specific t
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.22a A database of system log rules for
ii logtail 1.2.22a Print log file lines that have not
ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent
ii perl 5.8.4-2 Larry Wall's Practical
Extraction
ii postfix [mail-tr 2.1.1-3 A high-performance mail transport
ii sysklogd [system 1.4.1-14 System Logging Daemon
-- debconf information:
logcheck/changes:
* logcheck/install-note:
maks attems
2004-Jun-11 15:20 UTC
Bug#253861: [Logcheck-devel] Bug#253861: logcheck: Please add support for imapproxy
tag 253861 pending thanks hello bojan, On Fri, 11 Jun 2004, Bojan Baros wrote:> was added. Following are two sample lines from the syslog: > > Jun 11 09:36:55 MyHost in.imapproxyd[30845]: LOGOUT: '"MyUser"' from > server sd [13] > Jun 11 09:37:02 MyHost in.imapproxyd[30846]: LOGIN: '"MyUser"' > (xxx.xxx.xxx.xx:yyyyy) on existing sd [13] > > It's untested, but I think following regexes would work:could you please test the attached rules on your server. put it inside /etc/logcheck/ignore.d.server (assuming you are not using paranoid mode). hope to read you soon. a++ maks -------------- next part -------------- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT: '"[_[:alnum:]-]+"' from server sd \[[0-9]+\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN: '"[_[:alnum:]-]+"' \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\) on existing sd \[[0-9]+\]$ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040611/6ad5187c/attachment.pgp
Debian Bug Tracking System
2004-Jun-11 15:33 UTC
Processed: Re: [Logcheck-devel] Bug#253861: logcheck: Please add support for imapproxy
Processing commands for control at bugs.debian.org:> tag 253861 pendingBug#253861: logcheck: Please add support for imapproxy There were no tags set. Tags added: pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bojan Baros
2004-Jun-14 22:16 UTC
Bug#253861: [Logcheck-devel] Bug#253861: logcheck: Please add support for imapproxy
Bojan Baros said:> maks attems said: >> On Fri, 11 Jun 2004, Bojan Baros wrote: >> >>> maks attems said: >>> > could you please test the attached rules on your server. >>> > put it inside /etc/logcheck/ignore.d.server >>> > (assuming you are not using paranoid mode). >>> > hope to read you soon. >>> >>> It did not work. I think there may be some spacing issues. >> >> well so try to correct them. :) >> >>> I have produced and tested my own regexpes, and they are attached to >>> this >>> email. >> >>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT: >>> '"\w+"' from server sd \[[0-9]+\] >>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN: >>> '"\w+"' \([.0-9]+:[0-9]+\) on existing sd \[[0-9]+\] >> >> i see, but >> *) those don't end with a '$', so don't match a hole line >> *) \w+ is not sufficient for a username [_[:alnum:]-]+ is >> *) [.0-9]+ for an ip should be at least [.0-9]{7,15} >> >> please correct those issues in you rules >> or fix the ones i sent you. >> >> i'll merge that to logcheck cvs. >> a++ maks > > > I appologize for the misunderstanding. > > Attached is modified imapproxy filter, based on your original ones. > > About some of the pointed out mistakes, I only got the ideas from other > files. If you want, I can identify some of those files and modify them to > meet the specs. > > Thank you. > > BojanHello Maks. I have discovered another 2 messages created by imapproxy that should be ignored. Attached is the new (tested) imapproxy ignore file with updated expressions. Bojan -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: imapproxy Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040614/3effad06/attachment.txt
Debian Bug Tracking System
2004-Jul-09 03:48 UTC
[Logcheck-devel] Bug#253861: marked as done (logcheck: Please add support for imapproxy)
Your message dated Thu, 08 Jul 2004 23:32:06 -0400 with message-id <E1Bim7K-0004VF-00 at newraff.debian.org> and subject line Bug#253861: fixed in logcheck 1.2.23 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 11 Jun 2004 14:11:21 +0000>From bojan at blis.dyndns.org Fri Jun 11 07:11:21 2004Return-path: <bojan at blis.dyndns.org> Received: from rwcrmhc12.comcast.net [216.148.227.85] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1BYmkb-0000E4-00; Fri, 11 Jun 2004 07:11:21 -0700 Received: from blis.dyndns.org ([68.37.12.97]) by comcast.net (rwcrmhc12) with ESMTP id <2004061114104801400c2mufe>; Fri, 11 Jun 2004 14:10:48 +0000 Received: from localhost (Salsa [127.0.0.1]) by blis.dyndns.org (Postfix) with ESMTP id 43E3C40AD; Fri, 11 Jun 2004 10:12:03 -0400 (EDT) Received: from blis.dyndns.org ([127.0.0.1]) by localhost (Salsa [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31076-02; Fri, 11 Jun 2004 10:12:01 -0400 (EDT) Received: by blis.dyndns.org (Postfix, from userid 1000) id 5423040A9; Fri, 11 Jun 2004 10:12:01 -0400 (EDT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Bojan Baros <bojan at blis.dyndns.org> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: logcheck: Please add support for imapproxy X-Mailer: reportbug 2.61 Date: Fri, 11 Jun 2004 10:12:00 -0400 Message-Id: <20040611141201.5423040A9 at blis.dyndns.org> X-Virus-Scanned: by amavisd-new-20030616-p7 (Debian) at blis.dyndns.org Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: logcheck Version: 1.2.22a Severity: wishlist There is no support for imapproxy, and it would be a great help if it was added. Following are two sample lines from the syslog: Jun 11 09:36:55 MyHost in.imapproxyd[30845]: LOGOUT: '"MyUser"' from server sd [13] Jun 11 09:37:02 MyHost in.imapproxyd[30846]: LOGIN: '"MyUser"' (xxx.xxx.xxx.xx:yyyyy) on existing sd [13] It's untested, but I think following regexes would work: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT: '"\w+"' from server sd \[[:digit:]\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN: '"\w+"' \([._[:alnum:]-]+:[0-9]+\) on existing sd \[[:digit:]\] Thank you for creating a very usefull tool. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: sparc Kernel: Linux 2.4.21 Locale: LANG=C, LC_CTYPE=C Versions of packages logcheck depends on: ii adduser 3.56 Add and remove users and groups ii cron 3.0pl1-83 management of regular background p ii debconf [debconf 1.4.28 Debian configuration management sy ii debianutils 2.8.2 Miscellaneous utilities specific t ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.22a A database of system log rules for ii logtail 1.2.22a Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent ii perl 5.8.4-2 Larry Wall's Practical Extraction ii postfix [mail-tr 2.1.1-3 A high-performance mail transport ii sysklogd [system 1.4.1-14 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note: --------------------------------------- Received: (at 253861-close) by bugs.debian.org; 9 Jul 2004 03:38:05 +0000>From katie at ftp-master.debian.org Thu Jul 08 20:38:05 2004Return-path: <katie at ftp-master.debian.org> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1BimD7-0006KJ-00; Thu, 08 Jul 2004 20:38:05 -0700 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1Bim7K-0004VF-00; Thu, 08 Jul 2004 23:32:06 -0400 From: Todd Troxell <ttroxell at debian.org> To: 253861-close at bugs.debian.org X-Katie: $Revision: 1.51 $ Subject: Bug#253861: fixed in logcheck 1.2.23 Message-Id: <E1Bim7K-0004VF-00 at newraff.debian.org> Sender: Archive Administrator <katie at ftp-master.debian.org> Date: Thu, 08 Jul 2004 23:32:06 -0400 Delivered-To: 253861-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: X-CrossAssassin-Score: 6 Source: logcheck Source-Version: 1.2.23 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.23_all.deb to pool/main/l/logcheck/logcheck-database_1.2.23_all.deb logcheck_1.2.23.dsc to pool/main/l/logcheck/logcheck_1.2.23.dsc logcheck_1.2.23.tar.gz to pool/main/l/logcheck/logcheck_1.2.23.tar.gz logcheck_1.2.23_all.deb to pool/main/l/logcheck/logcheck_1.2.23_all.deb logtail_1.2.23_all.deb to pool/main/l/logcheck/logtail_1.2.23_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 253861 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thursday, 12 Jul 2004 22:55:19 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.23 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 149567 186372 190101 234385 244171 253861 253879 253998 254133 254681 255560 256549 Changes: logcheck (1.2.23) unstable; urgency=low . maks: * Remove logcheck pre-dependency on logtail. * Added imapproxy, kernel, nfs, scponly rules. * Updated dhcpd, innd, postfix, su, sudo rules. (Closes: #253879, #244171, #190101, #254681, #253861, #186372, #255560). * Fix locale dependent regexes. * Implemented testing mode to logcheck - doesn't update offset. * Added -l LOG switch for test runs on new log files. thanks todd for ideas and first work (Closes: #234385). * Add -m switch to specify recipient. (Closes: #149567). alfie: * debian/logcheck-database.templates: Clearified the rules-directories-note template and got updates for all translations. Thanks for fast responses! todd: * Update innfeed rules (Closes: #254133). * Update dhcp3 rules (Closes: #256549). * Change postinst script to set permissions on versions previous to 1.2.23 (Closes: #253998). * Add postfix rule for lmtp. * Add Rule for cyrus imap/SQUAT annoyance. * Spamd update for unknown message id. * Add Kernel and bonobo rules for workstations. Files: 194681a5833e247adcd50c6ffe0e4a43 670 admin optional logcheck_1.2.23.dsc ec715b8a1160751367dabdecb4ddfeb4 74885 admin optional logcheck_1.2.23.tar.gz 14ba0cd447909d769867efbd331960e6 37348 admin optional logcheck_1.2.23_all.deb bad26ea13036470994f54bf9e1c3c18b 42778 admin optional logcheck-database_1.2.23_all.deb ba84ae48e13e927d3e4da649913768e6 21788 admin optional logtail_1.2.23_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA7gsO4u3oQ3FHP2YRApstAKCSu6oScQckvbfjz0y3DuA51fD8dwCgw0Dc Np43xnp5o9CWVR4xuRbUqx4=MYFx -----END PGP SIGNATURE-----
Apparently Analagous Threads
- Bug#255560: logcheck-database: More Postfix rules
- IMAP-proxy or not with sogo webmail and dovecot backend
- Bug#260743: logcheck-database: dhcp rule updates for failover support
- Bug#275946: Acknowledgement (newline not recognized when logcheck sends emails)
- Bug#286747: logcheck-database: ignore rules for USB headset