Package: logcheck-database Followup-For: Bug #407642 I've found another litle error in dovecot POP3 rules.
The line
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: POP3\([EMAIL
PROTECTED]:alnum:]]+\): Disconnected: Logged out top=[[:digit:]]+/[[:digit:]]+,
retr=[[:digit:]]+/[[:digit:]]+, del=[[:digit:]]+/[[:digit:]]+,
size=[[:digit:]]+$
must be similar to the following IMAP one (on my system logcheck are
reporting pop3 logout from local users).
Missed log lines are like the following:
Jan 15 23:34:50 lorien dovecot: POP3([EMAIL PROTECTED]): Disconnected for
inactivity top=0/0, retr=0/0, del=0/2, size=8186
Jan 20 11:09:25 lorien dovecot: POP3([EMAIL PROTECTED]): Disconnected top=0/0,
retr=0/0, del=0/5, size=26615
Attached you can find the updaded patch
--
---------------------------------------------------------------------
| Marco Nenciarini | Debian/GNU Linux Developer - Plug Member |
| [EMAIL PROTECTED] | http://www.prato.linux.it/~mnencia |
---------------------------------------------------------------------
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
--- dovecot.orig 2007-01-20 11:17:38.000000000 +0100
+++ dovecot 2007-01-20 15:02:12.000000000 +0100
@@ -2,14 +2,14 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:[EMAIL PROTECTED] \[[.:[:xdigit:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \[[.:[:xdigit:]]+\]$
# 1.0 and beyond
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[EMAIL PROTECTED]:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS( handshake)?)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: (user=<[EMAIL PROTECTED]:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS( handshake)?)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Too many invalid commands: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS( handshake)?)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Inactivity: (method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS( handshake)?)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: (user=<[EMAIL PROTECTED]:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS( handshake)?)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[EMAIL PROTECTED]:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: (user=<[EMAIL PROTECTED]:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Too many invalid commands: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Inactivity: (method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: (user=<[EMAIL PROTECTED]:alnum:]]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|DIGEST)-MD5|(cram|digest)-md5), )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS( handshake)?)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: POP3\([EMAIL PROTECTED]:alnum:]]+\): Disconnected: Logged out top=[[:digit:]]+/[[:digit:]]+, retr=[[:digit:]]+/[[:digit:]]+, del=[[:digit:]]+/[[:digit:]]+, size=[[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login: rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: POP3\([EMAIL PROTECTED]:alnum:]]+\): Disconnected(: Logged out| for inactivity|: Disconnected)? top=[[:digit:]]+/[[:digit:]]+, retr=[[:digit:]]+/[[:digit:]]+, del=[[:digit:]]+/[[:digit:]]+, size=[[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([EMAIL PROTECTED]:alnum:]]+\): Disconnected(: Logged out| for inactivity|: Disconnected)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-build-param: SSL parameters regeneration completed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\(-_.[[:alnum:]]+\): (pg|my)sql: Connected to [-_.[:alnum:]]+$
signature.asc
Description: Digital signature
_______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
