Ingo Theiss
2005-Feb-19 18:05 UTC
[Logcheck-devel] Bug#296014: logcheck: ignore.d.server courier-pop 'DISCONNECTED' not matching
Package: logcheck
Version: 1.2.34
Severity: normal
the courier-pop pattern for 'DISCONNECTED' does not match the following
message:
Feb 17 18:25:58 backup courierpop3login: DISCONNECTED,
user=test at example.com, ip=[::ffff:111.111.111.111], top=0, retr=0,
time=5
seems like a typo prevents a match! here is the pattern from
courier-pop:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login:
(LOGOUT|TIMEOUT|DISCONNECTD), user=[-_.@[:alnum:]]+,
ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+, time=[0-9]+(, stls=1)?$
there is en 'E' missing in 'DISCONNECTD'!
thanks once again!
regards,
ingo
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logcheck depends on:
ii adduser 3.59 Add and remove users and groups
ii cron 3.0pl1-86 management of regular background p
ii debconf [debconf 1.4.30.11 Debian configuration management sy
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii exim4-daemon-hea 4.34-10 Exim (v4) with extended features,
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.34 A database of system log rules for
ii logtail 1.2.34 Print log file lines that have not
ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii sysklogd [system 1.4.1-16 System Logging Daemon
-- debconf information:
logcheck/changes:
* logcheck/install-note:
Jamie L. Penman-Smithson
2005-Feb-20 02:26 UTC
[Logcheck-devel] Bug#296014: logcheck: ignore.d.server courier-pop 'DISCONNECTED' not matching
tag 296014 pending thanks On Sat, 2005-02-19 at 19:05 +0100, Ingo Theiss wrote:> the courier-pop pattern for 'DISCONNECTED' does not match the following > message: > > Feb 17 18:25:58 backup courierpop3login: DISCONNECTED, > user=test at example.com, ip=[::ffff:111.111.111.111], top=0, retr=0, > time=5 > > seems like a typo prevents a match! here is the pattern from > courier-pop: > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: > (LOGOUT|TIMEOUT|DISCONNECTD), user=[-_.@[:alnum:]]+, > ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+, time=[0-9]+(, stls=1)?$ > > there is en 'E' missing in 'DISCONNECTD'!I couldn't find this rule anywhere, however I've added the following rule to CVS which matches the log message you gave: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: (TIMEOUT| DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[[:digit:]]+, retr=[[:digit:]]+, time=[[:digit:]]+$ Thanks for your report, -- -jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org w: http://www.silverdream.org | p: sms at silverdream.org pgp key @ http://silverdream.org/~jps/pub.key 21:30:02 up 17 min, 2 users, load average: 2.65, 2.52, 1.58 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050220/36d26b61/attachment.pgp
Debian Bug Tracking System
2005-Feb-20 02:33 UTC
[Logcheck-devel] Processed: Re: Bug#296014: logcheck: ignore.d.server courier-pop 'DISCONNECTED' not matching
Processing commands for control at bugs.debian.org:> tag 296014 pendingBug#296014: logcheck: ignore.d.server courier-pop 'DISCONNECTED' not matching There were no tags set. Tags added: pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)