I have rules like this on my servers:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:
[._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER
[-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+
\[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$basically, I just don't care about logins as nonexistent users, I get so many of those that I don't even think about contacting the netblock operators. However, is it okay to filter messages of that sort in ignore.d.server? I say yes, because there's also paranoid. But I want a second opinion on this... -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system "the good thing about standards is that there are so many to choose from." -- andrew s. tanenbaum
signature.asc
Description: Digital signature (GPG/PGP)
_______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

