From: Hendrik Jäger <gitcommit@henk.geekmail.org>
Date: Mon, 27 May 2024 12:53:43 +0000 (+0200)
Subject: update rules
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=d9a6420c78d263a0316dcf6dcce05170a9b91745;p=user%2Fhenk%2Fcode%2Fpuppet%2Fmodules%2Flogcheck.git

update rules
---

diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot
index 992632a..72596fa 100644
--- a/files/etc/logcheck/ignore.d.server/local-dovecot
+++ b/files/etc/logcheck/ignore.d.server/local-dovecot
@@ -35,6 +35,7 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Aborted login by logging out \(.*\): user=<[[:alnum:]@*_.-]*>(, method=[[:alnum:]-]+)?, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(: Connection closed)?(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed: read\(size=[[:digit:]]+\) failed: Connection reset by peer \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed: read\(size=[[:digit:]]+\) failed: Connection reset by peer \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? read\(size=[[:digit:]]+\) failed: Connection reset by peer(, session=<[[:alnum:]/+]+>)?$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed: Connection reset by peer \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed: (SSL_accept|SSL_read)\(?\)? failed: .*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed \(.*\): user=<[[:alnum:]@_.-]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed \(.*\): user=<[[:alnum:]@_.-]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$
@@ -70,4 +71,3 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected) \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Login: user=<[[:alnum:]@_.-]+>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:? read\(size=[[:digit:]]+\) failed: Connection reset by peer(, session=<[[:alnum:]/+]+>)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Login: user=<[[:alnum:]@_.-]+>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:?(, session=<[[:alnum:]/+]+>)?$
-