summaryrefslogtreecommitdiff
path: root/files/etc/logcheck
diff options
context:
space:
mode:
Diffstat (limited to 'files/etc/logcheck')
-rw-r--r--files/etc/logcheck/ignore.d.server/local-dovecot19
1 files changed, 11 insertions, 8 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot
index 4a11da1..d7b6982 100644
--- a/files/etc/logcheck/ignore.d.server/local-dovecot
+++ b/files/etc/logcheck/ignore.d.server/local-dovecot
@@ -13,8 +13,10 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(aborted authentication\): method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?)?(, session=<[[:alnum:]/+]+>)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(aborted authentication\): method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(: SSL_read\(\) syscall failed: Connection reset by peer)?(, session=<[[:alnum:]/+]+>)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL): (Connection closed|Disconnected), session=<[[:alnum:]/+]+>$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL): (Disconnected)? SSL_read\(\) syscall failed: Connection reset by peer, session=<[[:alnum:]/+]+>?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS, )?session=<[[:alnum:]/+]+>?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL): (Disconnected)? SSL_read\(\) syscall failed: Connection reset by peer, session=<[[:alnum:]/+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL): read\(size=[[:digit:]]+\) failed: Connection reset by peer, session=<[[:alnum:]/+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS, )?session=<[[:alnum:]/+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS, )?session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? (Connection closed|Disconnected), session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? read\(size=[[:digit:]]+\) failed: Connection reset by peer, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1407609C:SSL routines:SSL(2)?3_GET_CLIENT_HELLO:http request, session=<[[:alnum:]/+]+>$
@@ -31,18 +33,19 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:14094416:SSL routines:SSL(2)?3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:14094418:SSL routines:ssl(2)?3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:14094418:SSL routines:SSL(2)?3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=<[[:alnum:]/+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1409442E:SSL routines:ssl(2)?3_read_bytes:tlsv1 alert protocol version: SSL alert number 70, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:140A1175:SSL routines:ssl_bytes_to_cipher_list:inappropriate fallback, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1417D0FC:SSL routines:tls_process_client_hello:unknown protocol, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1417D18C:SSL routines:tls_process_client_hello:version too low, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? syscall failed: (Broken pipe|Connection reset by peer|Success)(, session=<[[:alnum:]/+]+>)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(disconnected before greeting, waited 0 secs\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, session=<[[:alnum:]/+]+>?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(disconnected before greeting, waited 0 secs\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(disconnected before greeting, waited 0 secs\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(\) syscall failed: Connection reset by peer(, session=<[[:alnum:]/+]+>)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(tried to use disallowed plaintext auth\): user=<>, rip=[.[:xdigit:]]+, lip=[.[:xdigit:]]+, session=<[[:alnum:]/+]+>?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(tried to use disallowed plaintext auth\): user=<>, rip=[.[:xdigit:]]+, lip=[.[:xdigit:]]+, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Too many (invalid|bad) commands\.?)? \(no auth attempts( in [[:digit:]]+ secs)?\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+,( TLS,)? session=<[[:alnum:]/+]+>$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?: Connection closed, session=<[[:alnum:]/+]+>?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?: Disconnected, session=<[[:alnum:]/+]+>?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS, session=<[[:alnum:]/+]+>?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS: SSL_read\(\) syscall failed: Connection reset by peer, session=<[[:alnum:]/+]+>?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?: Connection closed, session=<[[:alnum:]/+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS( handshaking)?: Disconnected, session=<[[:alnum:]/+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS, session=<[[:alnum:]/+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS: SSL_read\(\) syscall failed: Connection reset by peer, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected (tried to use unsupported auth mechanism): user=<[-_.@[:alnum:]]*>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(,( mpid=[[:digit:]]+,)? (TLS( handshake)?|secured))?(: Disconnected)?(, session=<[[:alnum:]/+]+>)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(,( mpid=[[:digit:]]+,)? (TLS( handshake)?|secured))?(, session=<[[:alnum:]/+]+>)?$
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-16 10:49:57 +0000