From: Hendrik Jäger <gitcommit@henk.geekmail.org>
Date: Mon, 11 Sep 2023 13:05:13 +0000 (+0200)
Subject: update rules
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=6ce8be256c300c55b0911c86e360711a464fe40c;p=user%2Fhenk%2Fcode%2Fpuppet%2Fmodules%2Flogcheck.git

update rules
---

diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot
index 89a926b..1b9a0d7 100644
--- a/files/etc/logcheck/ignore.d.server/local-dovecot
+++ b/files/etc/logcheck/ignore.d.server/local-dovecot
@@ -78,7 +78,7 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Inactivity \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? (SSL_accept|SSL_read)\(?\)? syscall failed: .*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Inactivity \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Too many bad commands\.? \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Too many invalid commands\. \(.*\): user=<>, rip=[[:xdigit:]].:]+, lip=[[:xdigit:]].:]+(, session=<[[:alnum:]/+]+>)?$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Too many invalid commands\.? \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Too many invalid commands\.? \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected) \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:? Disconnected(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected) \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:? handshake: Disconnected(, session=<[[:alnum:]/+]+>)?$