Dieter Piringer
2007-May-25 09:19 UTC
[Logcheck-devel] Bug#425967: logcheck-database: The patterns for courier-imap-ssl do not match imap, only imap-ssl
Package: logcheck-database
Version: 1.2.54
Severity: minor

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.2-dp0
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15)

Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false

Since etch, courier is logging ssl connections as imapd and no longer as imapd-ssl, so the pattern

+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: ...

fails.

For me it works to change ignore.d.server/courier-imap-ssl and violations.ignore.d/courier-imap-ssl; I changed "imapd-ssl" to "imapd(-ssl)?" so both versions match.

--- ignore.d.server/courier-imap-ssl.old 2007-05-25 10:33:52.000000000 +0200 +++ ignore.d.server/courier-imap-ssl 2007-05-25 10:34:20.000000000 +0200 
@@ -1,5 +1,5 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: Connection, ip=\[[.:[:alnum:]]+\]$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], protocol=IMAP$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+, rcvd=[0-9]+, sent=[0-9]+, time=[0-9]+, starttls=[01]$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: couriertls: read: Connection timed out$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: couriertls: accept: Connection reset by peer$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd(-ssl)?: Connection, ip=\[[.:[:alnum:]]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd(-ssl)?: LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], protocol=IMAP$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd(-ssl)?: (LOGOUT|TIMEOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+, rcvd=[0-9]+, sent=[0-9]+, time=[0-9]+, starttls=[01]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd(-ssl)?: couriertls: read: Connection timed out$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd(-ssl)?: couriertls: accept: Connection reset by peer$ --- violations.ignore.d/courier-imap-ssl.old 2007-05-25 11:14:22.000000000 +0200 +++ violations.ignore.d/courier-imap-ssl 2007-05-25 10:34:57.000000000 +0200 @@ -1 +1 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: Unexpected SSL connection shutdown\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd(-ssl)?: Unexpected SSL connection shutdown\.$
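Review bot: In ignore.d.server/courier-imap-ssl, the widened tag `imapd(-ssl)?` makes all five rules match the plain `imapd:` tag as well, so the Connection, LOGIN and LOGOUT|TIMEOUT|DISCONNECTED lines of every session logged under `imapd` are now filtered by a file named for the SSL service. Before merging, check whether another rules file already covers the plain `imapd` tag and consolidate if so, and record the reason for the optional group (the tag change since etch described in the report) in the changelog so the wider match is not later mistaken for an accident. The two `couriertls:` rules are the ones that most clearly need the change, since they can only come from TLS sessions.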
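Review bot: In violations.ignore.d/courier-imap-ssl, the single rule for "Unexpected SSL connection shutdown\." is widened to `imapd(-ssl)?` without a sample log line in the report to test it against. A rule in violations.ignore.d that under-matches leaves the line reported and one that over-matches hides a line that had matched a violations pattern, so please attach one real etch log line for this message and confirm the new pattern matches it in full. The message text stays literal and anchored with `^` and `$`, which keeps the widening limited to the tag and should be preserved.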