On Sat, 2005-05-14 at 17:15 +0200, maximilian attems wrote:
> tags 309084 pending
> thanks
>
> On Sat, 14 May 2005, Tilman Koschnick wrote:
>
> > Hi,
> >
> > find attached an additional rule for proftpd, and some minor fixes
> > for the existing ones. Could you please include this in the database?
>
> thanks for the new rulefile,
> corrected dot match in bracket expressions.
>
> > Cheers, Til
>
>
> > --- logcheck/ignore.d.server/proftpd (revision 322)
> > +++ logcheck/ignore.d.server/proftpd (local)
> > @@ -1,3 +1,4 @@
> > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
> > \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$
> > -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
> > \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [\._[:alnum:]-]+: Login
> > successful\.$
> > -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session
> > (opened|closed) for user [\._[:alnum:]-]+( by \(uid=[0-9]+\))$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
> > \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login
> > successful\.$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
> > \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/0.4: delaying for [0-9]+
> > usecs$
> > +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session
> > (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\)|)$
>
> attached the current rules out of logcheck cvs.
> please test them.
> thanks for your feedback.
The rules are working fine, many thanks!
Til
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
