Home Explore Help
Sign In
kolter
/
ansible-playbooks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Add some logcheck exceptions for dovecot, kernel and pure-ftpd

Emmanuel Bouthenot 11 years ago
parent
e74bb12847
commit
1390403fcf
3 changed files with 9 additions and 1 deletions
Split View Show Diff Stats
  1. 4 1
      roles/common/files/logcheck/dovecot_local
  2. 1 0
      roles/common/files/logcheck/kernel_local
  3. 4 0
      roles/common/files/logcheck/pure-ftpd_local

+ 4 - 1
roles/common/files/logcheck/dovecot_local
View File 

@@ -1,3 +1,6 @@
 
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<.+>, method=.+, rip=[0-9:\.]+, lip=[0-9:\.]+, mpid=[0-9]+, .+, session=<.+>$
 
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)\(.*\): (Connection closed|Disconnected: Logged out) in=[0-9]+ out=[0-9]+$
 
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \((disconnected before greeting, waited|no auth attempts in) [0-9]+ secs\): user=<>, rip=[:.0-9]+, lip=[:.0-9]+, secured, session=<.*>$
 
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login: Disconnected \((disconnected before greeting, waited|no auth attempts in) [0-9]+ secs\): user=<>, rip=[:.0-9]+, lip=[:.0-9]+, (secured, )?session=<.*>$
 
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth: Warning: auth client [0-9]+ disconnected with [0-9]+ pending requests: (Connection reset by peer|EOF)$
 
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: (Disconnected|Aborted login) \(auth failed, [0-9]+ attempts in [0-9]+ secs\): user=<.+>, method=.+, rip=[:.0-9]+, lip=[:.0-9]+, session=<.*>$
 
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth-worker\([0-9]+\): mysql\(.+\): Connected to database .+$

+ 1 - 0
roles/common/files/logcheck/kernel_local
View File 

@@ -1 +1,2 @@
 
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: do_IRQ: [0-9\.]+ No irq handler for vector \(irq [-0-9]+\)$
 
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: Peer [:.0-9]+:[0-9]+/[0-9]+ unexpectedly shrunk window [0-9]+:[0-9]+ \(repaired\)$

+ 4 - 0
roles/common/files/logcheck/pure-ftpd_local
View File 

@@ -4,3 +4,7 @@
 
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([?.[:alnum:]-]+@[._[:alnum:]-]+\) \[ERROR\] Can't create directory: File exists$
 
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([._[:alnum:]-]+@[._[:alnum:]-]+\) \[NOTICE\] Restarting at [0-9]+$
 
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([?.[:alnum:]-]+@[:._[:alnum:]-]+\) \[INFO\] New connection from [:._[:alnum:]-]+$
 
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: pam_unix\(pure-ftpd:auth\): check pass; user unknown$
 
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: pam_unix\(pure-ftpd:auth\): authentication failure; logname= uid=[0-9]+ euid=[0-9]+ tty=pure-ftpd ruser=anonymous rhost=.*$
 
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \(\?@[:.0-9]+\) \[INFO\] PAM_RHOST enabled. Getting the peer address$
 
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \(\?@[:.0-9]+\) \[WARNING\] Authentication failed for user \[.*\]$