similar to: Bug#700851: logcheck-database: postfix ignore.d.server now logs on the same line sasl_method, sasl_username AND sasl_sender, rule must be updated

Displaying 20 results from an estimated 3000 matches similar to: "Bug#700851: logcheck-database: postfix ignore.d.server now logs on the same line sasl_method, sasl_username AND sasl_sender, rule must be updated"

2004 Aug 10
1
one = sign to much?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I think I found a mistake in the postfix file in /etc/logcheck/ignore.d.server. There is one equal sign to much in this line: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[[:alnum:]]+, sasl_username==[-_.@[:alnum:]]+$ I think it should be: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2011 Mar 10
0
Bug#617530: log format changed for postfix/smtpd when using XFORWARD
Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch Hi, after examining the code for postfix/smtpd, the following parameters for that specific log line can be present: client, sasl_method, sasl_username, sasl_sender, orig_queue_id, orig_client "client" is always present, the others are added where applicable, but always in the order explained above. There have been
2004 Jun 21
2
Bug#255560: logcheck-database: More Postfix rules
Package: logcheck-database Version: 1.2.22a Severity: normal Thanks to the upgrade to Postfix 2.1 and deploying a newer logcheck ruleset on a busier server I've found a bunch more rules for Postfix. I've attached new rules files and patches are inline. The following patch is for violations.ignore.d: --- logcheck-postfix.orig 2004-06-21 20:11:14.000000000 +0100 +++ logcheck-postfix
2010 Nov 10
1
dovecot dictionary attacks
Hi, I been using dovecot for awhile and its been solid, however I been having some issues with dictionary attacks. I installed fail2ban and for the most part is working fine. However today I got another spammer relaying through my server. Looking at the logs I see the following dictonary attack from 94.242.206.37 Nov 10 03:04:38 pop dovecot: pop3-login: Disconnected: rip=94.242.206.37,
2010 Nov 10
1
dictonary attacks
Hi hoping someone can help me a little with this one. I have 2 mail servers, the incoming mail server runs dovecot and the outgoing mail server runs postfix with sasl. Lately I noticed a lot of spammers are running dictionary attacks on my incoming server and then using that user/password for sasl on the outgoing server. The weird thing is I never see on the logs the guessed
2013 Dec 24
0
Patch for Dovecot's quota policy daemon
Hi Timo, we wrote a simple Patch for the Dovecot quota policy daemon. If a user is over quota, I prefer blocking the user sending e-mails, so I need a policy daemon, that's able to use the envelope or sasl sender as lookup key. I'd be happy if that patch can become part of the normale Dovecot releases. Peer -------- Original-Nachricht -------- Betreff: Re: Fwd: Quota-Patch Datum:
2016 Jan 28
1
C7 postfix problem
Hi Timo, Am 28.01.2016 um 15:27 schrieb Timo Schoeler: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > smtp inet n - n - - smtpd -v <= !!! > #smtp inet n - n - 1 postscreen > #smtpd pass - - n - - smtpd > > smtpd -v instead of smtpd -- that will hopefully give
2006 May 30
2
Bug#369603: logcheck-database: new rule for dhcpd
Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Hi, This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 Regards, Robbert --- /root/dhcp 2006-05-30 21:50:24.000000000 +0200 +++ dhcp 2006-05-30 23:27:06.000000000 +0200 @@ -18,7 +18,7 @@
2006 Dec 19
0
Bug#403758: Logcheck rules for Snort
Package: logcheck-database Hey, I created a logcheck ignore file for Snort with stuff I don't particularly want to see every day. The one line with the warning in it is questionable, so leave it in or out at your discretion. Also, my regex skills are not as good as they could be, so there are probably mistakes, or things that could be simplified more. Rules are below: ^\w{3} [
2007 May 25
0
Bug#425967: logcheck-database: The patterns for courier-imap-ssl do not match imap, only imap-ssl
Package: logcheck-database Version: 1.2.54 Severity: minor -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.2-dp0 Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15) Versions of packages logcheck-database depends
2006 Jan 07
2
Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
Package: logcheck-database Version: 1.2.39 Severity: normal I use dhcp3-server and a dhcp client which is Sony HDD video recorder CoCoon. The client not return client host name. In this case, dhcpd server assumed the client host name is (none). Therefor dhcpd output log described below. > Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0 > Jan 7 10:49:25
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch Hi, I think that this rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$ is supposed to filter out lines like: Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root It is not working because the pattern dos not include the "/dev/" part and
2010 Jul 28
1
Bug#590679: [logcheck-database] rules for ntpd
Package: logcheck-database Severity: wishlist Tags: patch Hi, some rules for ntpd as i couldn't find any: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [+-]*[0-9]{1,2}\.[0-9]{6} s$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers reachable$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2004 Oct 13
2
Bug#276317: logcheck-database: Namechange for ISC in /etc/logcheck/ignore.d.server/dhcp
Package: logcheck-database Version: 1.2.28 Severity: normal Hi, the Internet Software Consortium changed the name to Internet Systems Consortium. For a fix for the logcheck rules see the attachment. -- System Information: Debian Release: 3.0 APT prefers testing APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel:
2004 Jul 21
1
Bug#260573: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped
Package: logcheck Version: 1.2.23 Severity: normal Hello, I have: # /bin/cat ignore.d.server/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE \([[:alnum:]-]+\)$ and: # /bin/cat ignore.d.paranoid/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2009 Oct 24
1
Bug#552222: logcheck: dhclient regexes need updating
Package: logcheck Version: 1.3.3 Severity: normal Tags: patch User: ubuntu-devel at lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch As reported in https://launchpad.net/bugs/307847: recent dhclient includes the ip address it is releasing and renewing. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2006 Jun 05
0
Dovecot + Logcheck Regex
I'm using logcheck for log reporting on Debian Etch, and am currently getting a lot of log entries from Syslog falling through the standard logcheck regex filters. I'm running Dovecot 1.0beta8. The filters follow: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[(::ffff:)?[:0-9a-f.]+\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login:
2004 Jul 21
4
Bug#260743: logcheck-database: dhcp rule updates for failover support
Package: logcheck-database Version: 1.2.23 Severity: minor Hi, a couple of minor corrections to the dhcp rule sets: First of all, the hostname matching parts need to include the "._-" signs (maybe . is not needed but it might be). Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST may be entailed by the string ": load balance to peer <somestring>".
2007 Mar 04
0
Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
Package: logcheck Version: 1.2.54 Severity: normal In the file ignore.d.paranoid/cron there are the rules ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ to ignore lines like 10:17:01 at 04-03-2007 tooar
2006 Apr 18
0
Bug#363336: logcheck-database: incomplete regexp for popa3d log message
Package: logcheck-database Version: 1.2.43a Severity: normal Tags: patch Hi, Given the following popa3d log messages: popa3d[15636]: 0 messages (0 bytes) loaded popa3d[15993]: 1 message (3837 bytes) loaded popa3d[15856]: 3 messages (18116 bytes) loaded The current logcheck ruleset does not take into account that sometimes there might be multiple message_S_ to be loaded. The following patch