tags 309084 pending
thanks

On Sat, 14 May 2005, Tilman Koschnick wrote:
> Hi, > > find attached an additional rule for proftpd, and some minor fixes > for the existing ones. Could you please include this in the database? thanks for the new rulefile, corrected dot match in bracket expressions. > Cheers, Til > --- logcheck/ignore.d.server/proftpd (revision 322) > +++ logcheck/ignore.d.server/proftpd (local) > @@ -1,3 +1,4 @@ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ > \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$ > -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ > \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [\._[:alnum:]-]+: Login > successful\.$ > -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session > (opened|closed) for user [\._[:alnum:]-]+( by \(uid=[0-9]+\))$ > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ > \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login > successful\.$ > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ > \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/0.4: delaying for [0-9]+ > usecs$ > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session > (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\)|)$ attached the current rules out of logcheck cvs. please test them. thanks for your feedback. -- maks
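Review bot: the added mod_delay rule pins a single module version with `mod_delay/0.4`, and the dot in that version string is unescaped, so the rule stops matching as soon as the module reports another version while `.` still accepts any character. Matching the version generically, for example `mod_delay/[0-9]+\.[0-9]+`, avoids both problems. In the pam_unix rule, the trailing empty alternative in `( by \(uid=[0-9]+\)|)$` would read more clearly as `( by \(uid=[0-9]+\))?$`.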
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login successful\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$
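What the bracket-expression fix changes in practice, shown as an added example that is not part of the original mail or of the logcheck package: in a POSIX bracket expression a backslash is an ordinary character, so the old `[\._[:alnum:]-]` also accepted a backslash in the user name and the ignore rule was wider than intended. The log lines, hosts, addresses and users are constructed, `reported` is a hypothetical helper that drops every line the rule matches, and `\w` requires GNU grep.

```shell
#!/bin/sh
# Added example; every log line, host, address and user below is constructed.

# "Login successful" rule before the patch: the USER bracket contains "\.".
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [\._[:alnum:]-]+: Login successful\.$'
# Same rule after the patch: the backslash is gone from the bracket.
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login successful\.$'

# Three constructed syslog lines; only the last user name contains a backslash.
sample_log() {
    cat <<'EOF'
May 14 10:15:01 ftp1 proftpd[4242]: ftp1.example.org (client.example.net[192.0.2.10]) - USER alice: Login successful.
May 14 10:15:07 ftp1 proftpd[4243]: ftp1.example.org (client.example.net[192.0.2.10]) - USER j.doe-2: Login successful.
May 14 10:15:09 ftp1 proftpd[4244]: ftp1.example.org (client.example.net[192.0.2.10]) - USER ali\ce: Login successful.
EOF
}

# reported RULE: print the sample lines the ignore rule does NOT match,
# i.e. the lines that would still reach the administrator.
reported() {
    sample_log | grep -E -v -e "$1"
}

# reported_count RULE: number of lines left after filtering.
reported_count() {
    reported "$1" | wc -l | tr -d ' '
}

echo "old rule leaves $(reported_count "$OLD_RULE") line(s) to report"
echo "new rule leaves $(reported_count "$NEW_RULE") line(s) to report:"
# printf, not echo: some shells' echo would interpret the backslash in the data.
printf '%s\n' "$(reported "$NEW_RULE")"
```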