Morten 'Doc' Nielsen
2005-Oct-06 02:28 UTC
[Logcheck-devel] Bug#327088: logcheck-database: dovecot logins appear after new regexp syntax
Package: logcheck-database
Version: 1.2.41
Followup-For: Bug #327088

From what I can see, your new log format does not hide regular logins, so now my logcheck email is full of lines like this:

Oct 5 20:02:03 docnielsen dovecot: imap-login: Login: user=<doc>, method=PLAIN, rip=192.168.1.123, lip=192.168.1.123, TLS

Since I am no guru with grep lines, I'd love for someone to send me a small fix so I don't get 1-2 MB emails every day.

Kind regards,
Morten Nielsen

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]  1.4.58  Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:

Jamie L. Penman-Smithson
2005-Oct-12 00:47 UTC
Bug#327088: [Logcheck-devel] Bug#327088: logcheck-database: dovecot logins appear after new regexp syntax
package logcheck-database
tags 327088 pending
thanks

On Thu, 2005-10-06 at 04:28 +0200, Morten 'Doc' Nielsen wrote:
> from what i can see, your new log format does not hide regular logins,
> so now my logcheck email is full of lines like this:
>
> Oct 5 20:02:03 docnielsen dovecot: imap-login: Login: user=<doc>, method=PLAIN, rip=192.168.1.123, lip=192.168.1.123, TLS

I've added the following rule for the new log message format in dovecot 1.0:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: user=<[.[:alnum:]@-]+>, method=(PLAIN|LOGIN|(CRAM|DIGEST)-MD5), rip=(::ffff:)?[.[:digit:]]+, lip=(::ffff:)?[.[:digit:]]+(, TLS)?$

It'll be included in the next release.

Thanks,

--
-Jamie L. Penman-Smithson <jamie at silverdream.org>
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: oubliette.z at gmail.com
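
Added example, not part of the original thread or of the logcheck package: a shell check that runs the rule quoted in the reply above through `grep -E` (logcheck ignore rules are egrep patterns) to show which login lines it suppresses and which still reach the report. Apart from the reporter's line, every host name, user and address in the sample log is constructed.

```shell
#!/bin/sh
# Rule copied verbatim from the reply above.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: user=<[.[:alnum:]@-]+>, method=(PLAIN|LOGIN|(CRAM|DIGEST)-MD5), rip=(::ffff:)?[.[:digit:]]+, lip=(::ffff:)?[.[:digit:]]+(, TLS)?$'

# Constructed sample log. Line 1 is the reporter's line, written with the
# space-padded day that syslog emits ("Oct  5"); [ :0-9]{11} relies on it.
sample_log() {
cat <<'EOF'
Oct  5 20:02:03 docnielsen dovecot: imap-login: Login: user=<doc>, method=PLAIN, rip=192.168.1.123, lip=192.168.1.123, TLS
Oct 12 09:15:40 mail.example.org dovecot: pop3-login: Login: user=<alice@example.org>, method=CRAM-MD5, rip=::ffff:192.0.2.10, lip=::ffff:192.0.2.1
Oct 12 09:16:02 mail.example.org dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=2001:db8::7, lip=2001:db8::1, TLS
Oct 12 09:16:30 mail.example.org dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS trailing text
Oct 12 09:17:11 mail.example.org dovecot: imap-login: Login: user=<carol>, method=GSSAPI, rip=192.0.2.10, lip=192.0.2.1, TLS
EOF
}

# Lines the rule hides from the logcheck mail.
suppressed() {
    grep -E -- "$RULE" || true
}

# Lines that still show up: anything the rule does not match in full.
still_reported() {
    grep -Ev -- "$RULE" || true
}

echo "suppressed lines: $(sample_log | suppressed | wc -l | tr -d ' ')"
echo "still reported:"
sample_log | still_reported
```

Only the first two lines are suppressed. The native IPv6 address, the line with text after `TLS`, and the mechanism outside the rule's `method=` list all stay in the report, because the rule is anchored with `^` and `$` and each field uses a narrow character class.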