From d9a6420c78d263a0316dcf6dcce05170a9b91745 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Hendrik=20J=C3=A4ger?= Date: Mon, 27 May 2024 14:53:43 +0200 Subject: [PATCH] update rules --- files/etc/logcheck/ignore.d.server/local-dovecot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot index 992632a..72596fa 100644 --- a/files/etc/logcheck/ignore.d.server/local-dovecot +++ b/files/etc/logcheck/ignore.d.server/local-dovecot @@ -35,6 +35,7 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Aborted login by logging out \(.*\): user=<[[:alnum:]@*_.-]*>(, method=[[:alnum:]-]+)?, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(: Connection closed)?(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed: read\(size=[[:digit:]]+\) failed: Connection reset by peer \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed: read\(size=[[:digit:]]+\) failed: Connection reset by peer \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?:? read\(size=[[:digit:]]+\) failed: Connection reset by peer(, session=<[[:alnum:]/+]+>)?$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed: Connection reset by peer \(.*\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)( handshaking)?, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed: (SSL_accept|SSL_read)\(?\)? failed: .*$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed \(.*\): user=<[[:alnum:]@_.-]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected): Connection closed \(.*\): user=<[[:alnum:]@_.-]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$ @@ -70,4 +71,3 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Aborted login|Disconnected) \(.*\):( user=<[[:alnum:]@_.-]*>,)?( method=[[:alnum:]-]+,)? rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS|SSL)(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Login: user=<[[:alnum:]@_.-]+>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:? read\(size=[[:digit:]]+\) failed: Connection reset by peer(, session=<[[:alnum:]/+]+>)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Login: user=<[[:alnum:]@_.-]+>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+, (TLS|SSL)( handshaking)?:?(, session=<[[:alnum:]/+]+>)?$ - -- 2.39.5