From 07d4e3df7ccc43860c36c77494cd4afd4e5f3e39 Mon Sep 17 00:00:00 2001 From: Hendrik Jaeger Date: Mon, 8 Apr 2019 09:26:00 +0200 Subject: [PATCH 1/1] Update logcheck rules for dovecot --- files/etc/logcheck/ignore.d.server/local-dovecot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot index 2025f5b..4a11da1 100644 --- a/files/etc/logcheck/ignore.d.server/local-dovecot +++ b/files/etc/logcheck/ignore.d.server/local-dovecot @@ -14,7 +14,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(aborted authentication\): method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(: SSL_read\(\) syscall failed: Connection reset by peer)?(, session=<[[:alnum:]/+]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL): (Connection closed|Disconnected), session=<[[:alnum:]/+]+>$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL): (Disconnected)? SSL_read\(\) syscall failed: Connection reset by peer, session=<[[:alnum:]/+]+>?$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS, )?session=<[[:alnum:]/+]+>?$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS, )?session=<[[:alnum:]/+]+>?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? (Connection closed|Disconnected), session=<[[:alnum:]/+]+>$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? read\(size=[[:digit:]]+\) failed: Connection reset by peer, session=<[[:alnum:]/+]+>$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|disconnected before auth was ready, waited 0 secs)?\): user=<[[:alnum:]@_.-]*>, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1407609C:SSL routines:SSL(2)?3_GET_CLIENT_HELLO:http request, session=<[[:alnum:]/+]+>$ -- 2.39.2