Okay, this confuses the hell out of me: [System Events] Jul 6 10:48:23 seamus dovecot: pop3-login: Login: user=<[EMAIL PROTECTED]>, method=PLAIN, rip=84.72.30.149, lip=213.203.238.82, TLS
and here's the filter in ignore.d.server:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login:
user=<[EMAIL PROTECTED]:alnum:]]+>,
method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5),
rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$
Also:
seamus:~> echo "Jul 6 10:48:23 seamus dovecot: pop3-login: Login: user=<[EMAIL
PROTECTED]>, method=PLAIN, rip=84.72.30.149, lip=213.203.238.82, TLS" | egrep
-c "^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login:
user=<[EMAIL PROTECTED]:alnum:]]+>,
method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5),
rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS)?$"
1
Yet, for every POP3 (or IMAP) login, I get a logcheck mail. What's
going on?
--
.''`. martin f. krafft <[EMAIL PROTECTED]>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
darwinism is nothing without enough dead bodies.
signature.asc
Description: Digital signature (GPG/PGP)
_______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

