diff options
author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2023-09-03 21:36:11 +0200 |
---|---|---|
committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2023-09-03 21:36:11 +0200 |
commit | a268c141b0ef7bf6656799ecbdc0dd264276eb2c (patch) | |
tree | 9654f56dec81f0f1ae2ead628d33dd7dd5867774 /files/etc/logcheck | |
parent | 93b6026c8984970fa9aea9c7f0bf8f40cfd4e3d0 (diff) |
update rules
Diffstat (limited to 'files/etc/logcheck')
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-dovecot | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot index af9ab7c..edd60dd 100644 --- a/files/etc/logcheck/ignore.d.server/local-dovecot +++ b/files/etc/logcheck/ignore.d.server/local-dovecot @@ -31,6 +31,7 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1408F09C:SSL routines:ssl(2)?3_get_record:http request, session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1408F0C6:SSL routines:ssl(2)?3_get_record:packet length too long, session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1408F10B:SSL routines:ssl(2)?3_get_record:wrong version number, session=<[[:alnum:]/+]+>$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected: Connection closed: SSL_accept\(\) failed: error:0A00010B:SSL routines::wrong version number \(no auth attempts in 0 secs\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, TLS handshaking: SSL_accept\(\) failed: error:0A00010B:SSL routines::wrong version number, session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1408F119:SSL routines:ssl(2)?3_get_record:decryption failed or bad record mac, session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:140940F5:SSL routines:ssl(2)?3_read_bytes:unexpected record, session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:140943F2:SSL routines:SSL(2)?3_read_bytes:sslv3 alert unexpected message: SSL alert number 10, session=<[[:alnum:]/+]+>$ @@ -58,8 +59,7 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS, )?session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(tried to use disallowed plaintext auth\): user=<>, rip=[.[:xdigit:]]+, lip=[.[:xdigit:]]+, session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Too many (invalid|bad) commands\.?)? \(no auth attempts( in [[:digit:]]+ secs)?\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+,( TLS,)? session=<[[:alnum:]/+]+>$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected: Connection closed \(no auth attempts in 0 secs\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS: Connection closed, session=<[[:alnum:]/+]+>$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected: Connection closed \(no auth attempts in 0 secs\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS, session=<[[:alnum:]/+]+>$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected: Connection closed \(no auth attempts in 0 secs\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS(: Connection closed)?, session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?: (Connection closed|Disconnected|SSL_read\(\) syscall failed: Connection reset by peer), session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS, session=<[[:alnum:]/+]+>$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected (tried to use unsupported auth mechanism): user=<[-_.@[:alnum:]]*>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(,( mpid=[[:digit:]]+,)? (TLS( handshake)?|secured))?(: Disconnected)?(, session=<[[:alnum:]/+]+>)?$ |