^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)<[[:digit:]]+><[[:alnum:]+/]+>: Logged out in=[[:digit:]]+ out=[[:digit:]]+ deleted=[[:digit:]]+ expunged=[[:digit:]]+ trashed=[[:digit:]]+ hdr_count=[[:digit:]]+ hdr_bytes=[[:digit:]]+ body_count=[[:digit:]]+ body_bytes=[[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Disconnected(: Logged out| for inactivity|: Disconnected| in [[:upper:]]+|: Too many invalid IMAP commands\.)?( in IDLE)? in=[[:digit:]]+ out=[[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Logged out in=[[:digit:]]+ out=[[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\)<[[:digit:]]+><[[:alnum:]+/]+>: msgid=([][[:alnum:]":<>@?=\+\/.,_!&\$%#~-]+( \(added by.*postmaster@[[:alnum:].-]+\))?|unspecified): saved mail to [[:alnum:]\/._-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\)<[[:digit:]]+><[[:alnum:]+/]+>: sieve: msgid=(\? )?([][[:alnum:]":<>@?=\+\/.,_!&\$%#~-]+( \(added by.*postmaster@[[:alnum:].-]+\))?|unspecified): stored mail into mailbox '[^[:space:]]+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\): msgid=([][[:alnum:]":<>@?=\+\/.,_!&\$%#~-]+( \(added by.*postmaster@[[:alnum:].-]+\))?|unspecified): saved mail to [[:alnum:]\/._-]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\)<[[:digit:]]+><[[:alnum:]+/]+>: msgid=([][[:alnum:]":<>@?=\+\/.,_!&\$%#~-]+( \(added by.*postmaster@[[:alnum:].-]+\))?|unspecified): saved mail to [[:alnum:]\/._-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\): sieve: msgid=(\? )?([][[:alnum:]":<>@?=\+\/.,_!&\$%#~-]+( \(added by.*postmaster@[[:alnum:].-]+\))?|unspecified): stored mail into mailbox '[^[:space:]]+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\): sieve: msgid=<[[:alnum:]":@=\+\/.,_!&\$%#~-]+>: forwarded to <[[:alnum:]":@=\+\/.,_!&\$%#~-]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(aborted authentication\): method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?)?(, session=<[[:alnum:]\/\+]+>)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(aborted authentication\): method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(: SSL_read\(\) syscall failed: Connection reset by peer)?(, session=<[[:alnum:]\/\+]+>)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs)?\): user=<[-_.@[:alnum:]]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?)?(, session=<[[:alnum:]\/\+]+>)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs)?\): user=<[-_.@[:alnum:]]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?)? SSL_read\(\) syscall failed: Connection reset by peer, session=<[[:alnum:]\/\+]+>?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs)?\): user=<[-_.@[:alnum:]]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(: SSL_read\(\) syscall failed: Connection reset by peer)?(, session=<[[:alnum:]\/\+]+>)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS handshaking: read\(size=[[:digit:]]+\) failed: Connection reset by peer, session=<[[:alnum:]/+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS, )?session=<[[:alnum:]\/\+]+>?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? Connection closed, session=<[[:alnum:]\/\+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? Disconnected, session=<[[:alnum:]\/\+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)?( handshaking), )?session=<[[:alnum:]\/\+]+>?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS handshaking: read\(size=[[:digit:]]+\) failed: Connection reset by peer, session=<[[:alnum:]\/\+]+>?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request, session=<[[:alnum:]\/\+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<[[:alnum:]\/\+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol, session=<[[:alnum:]\/\+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? syscall failed: Broken pipe, session=<[[:alnum:]\/\+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? syscall failed: Connection reset by peer(, session=<[[:alnum:]\/\+]+>)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? syscall failed: Success, session=<[[:alnum:]\/\+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs)?\): user=<[-_.@[:alnum:]]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?)?(, session=<[[:alnum:]\/\+]+>)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs)?\): user=<[-_.@[:alnum:]]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?)? SSL_read\(\) syscall failed: Connection reset by peer, session=<[[:alnum:]\/\+]+>?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs)?\): user=<[-_.@[:alnum:]]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(: SSL_read\(\) syscall failed: Connection reset by peer)?(, session=<[[:alnum:]\/\+]+>)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \((disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS handshaking: read\(size=[[:digit:]]+\) failed: Connection reset by peer, session=<[[:alnum:]/+]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \((disconnected before auth was ready, waited 0 secs|no auth attempts( in [[:digit:]]+ secs)?)\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? Connection closed, session=<[[:alnum:]\/\+]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(disconnected before greeting, waited 0 secs\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, session=<[[:alnum:]\/\+]+>?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(disconnected before greeting, waited 0 secs\): user=<>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(\) syscall failed: Connection reset by peer(, session=<[[:alnum:]\/\+]+>)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(tried to use disallowed plaintext auth\): user=<>, rip=[.[:xdigit:]]+, lip=[.[:xdigit:]]+, session=<[[:alnum:]\/\+]+>?$
projects / user / henk / code / puppet / modules / logcheck.git / commitdiff