diff options
Diffstat (limited to 'roles/common/files/etc')
-rw-r--r-- | roles/common/files/etc/logcheck/ignore.d.server/dovecot-local | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local b/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local index d6826a1..b27e736 100644 --- a/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local +++ b/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local @@ -6,9 +6,10 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Connection closed(: Connection reset by peer)?( in=[[:digit:]]+ out=[[:digit:]]+)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, mpid=[0-9]+(, (TLS|secured), session=<[^>]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \(auth failed, [[:digit:]]+ attempts in [[:digit:]]+ secs\))?: (user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS, session=<[^>]+>$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts in [[:digit:]]+ secs\):( user=<>,)?|\(auth failed, [[:digit:]]+ attempts in [[:digit:]]+ secs\): user=<[-_.@[:alnum:]]+>, method=PLAIN,|\(aborted authentication\): method=PLAIN,) rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|SSL)( handshaking)?(: SSL_(accept|read)\(\) (syscall failed: Connection reset by peer|failed: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure: SSL alert number 10|failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46|failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48|failed: error:[[:xdigit:]]+:SSL routines:SSL2?3_GET_CLIENT_HELLO:(unknown protocol|http request|no shared cipher))|: Disconnected)?|, secured)?, session=<[^>]+>$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts in [[:digit:]]+ secs\):( user=<>,)?|\(auth failed, [[:digit:]]+ attempts in [[:digit:]]+ secs\): user=<[-_.@[:alnum:]]+>, method=PLAIN,|\(aborted authentication\): method=PLAIN,) rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|SSL)( handshaking)?(: SSL_(accept|read)\(\) (syscall failed: Connection reset by peer|failed: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure: SSL alert number 10|failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42|failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46|failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48|failed: error:[[:xdigit:]]+:SSL routines:SSL2?3_GET_CLIENT_HELLO:(unknown protocol|http request|no shared cipher))|: Disconnected)?|, secured)?, session=<[^>]+>$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth: Warning: auth client [[:digit:]]+ disconnected with [[:digit:]]+ pending requests: EOF$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Warning: Auth connection closed with [[:digit:]]+ pending requests \(max [[:digit:]]+ secs, pid=[[:digit:]]+, EOF\)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected \((auth process communication failure|client didn't finish SASL auth, waited [[:digit:]]+ secs)\): user=<>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured)(: SSL_read\(\) syscall failed: Connection reset by peer)?, session=<[^>]+>)?$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected \((auth process communication failure|client didn't finish SASL auth, waited [[:digit:]]+ secs)\): user=<>, method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured)(: SSL_read\(\) syscall failed: Connection reset by peer|: Disconnected)?, session=<[^>]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Error: SSL: Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message: SSL alert number 10$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap-login: (Disconnected: Inactivity during authentication|Aborted login) \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[-_.@[:alnum:]]*>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured)(: Disconnected)?, session=<[^>]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected \(tried to use unsupported auth mechanism\): user=<>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured), session=<[^>]+>)?$ @@ -16,7 +17,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Maximum number of connections from user\+IP exceeded \(mail_max_userip_connections=[[:digit:]]+\): user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS|secured), session=<[^>]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+\): Connect from local$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+\): Disconnect from local: (Client quit|Connection closed) \(in reset\)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+, [^@]+@[^@]+\): [+/[:alnum:]]{22}: sieve: msgid=(<[^>]+>|unspecified): (stored mail into mailbox '|marked message to be discarded if not explicitly delivered \(discard action\)$) +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+, [^@]+@[^@]+\): [+/[:alnum:]]{22}: sieve: msgid=(\S+ )?|<[^>]*>( \(added by \S+\))?: (stored mail into mailbox '|marked message to be discarded if not explicitly delivered \(discard action\)$|forwarded to ) ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([-_.@[:alnum:]]+, [^@]+@[^@]+\): Error: [+/[:alnum:]]{22}: sieve: execution of script \S+ failed, but implicit keep was successful \(user logfile \S+ may reveal additional details\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lmtp\([0-9]+\): Disconnect from local: Successful quit$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, mpid=[0-9]+(, TLS, session=<[^>]+>)?$ |