BF: fix dovecot filter for when no TLS is enabled on pop/imap

2013-07-01 21:12:51 +10:00 · 2013-07-01 21:12:51 +10:00 · 3b76fc79f9
parent b670b5c792
commit 3b76fc79f9
4 changed files with 5 additions and 1 deletions
--- a/2
+++ b/2
@ -13,6 +13,8 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released
 - Fixes:
  Yaroslav Halchenko
   * filter.d/common.conf -- make colon after [daemon] optional. Closes gh-267
+	Daniel Black & Мернов Георгий
+	 * filter.d/dovecot.conf -- Fix when no TLS enabled - line doesn't end in ,
 - New Features:
  Daniel Black & ykimon
   * filter.d/3proxy.conf -- filter added
--- a/1
+++ b/1
@ -33,6 +33,7 @@ Mark Edgington
 Markus Hoffmann
 Marvin Rouge
 mEDI
+Мернов Георгий
 Michael C. Haller
 Michael Hanselmann
 NickMunger
--- a/config/filter.d/dovecot.conf
+++ b/config/filter.d/dovecot.conf
@ -17,7 +17,7 @@ _daemon = dovecot(-auth)?
 # Values:  TEXT
 #
 failregex = ^%(__prefix_line)s(pam_unix(?:\(\S+\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\S*)?\s*$
-            ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \((no auth attempts|auth failed, \d+ attempts|tried to use disabled \S+ auth)\):( user=<\S+>,)?( method=\S+,)? rip=<HOST>, lip=(\d{1,3}\.){3}\d{1,3},( TLS( handshaking)?(: Disconnected)?)?\s*$
+            ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \((no auth attempts|auth failed, \d+ attempts|tried to use disabled \S+ auth)\):( user=<\S+>,)?( method=\S+,)? rip=<HOST>, lip=(?:\d{1,3}\.){3}\d{1,3}(, TLS( handshaking)?(: Disconnected)?)?\s*$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/testcases/files/logs/dovecot
+++ b/testcases/files/logs/dovecot
@ -12,4 +12,5 @@ Jun 14 00:48:21 platypus dovecot: imap-login: Disconnected (auth failed, 1 attem
 Jun 13 20:48:11 platypus dovecot: pop3-login: Disconnected (no auth attempts): rip=121.44.24.254, lip=113.212.99.194, TLS: Disconnected
 Jun 13 21:48:06 platypus dovecot: pop3-login: Disconnected: Inactivity (no auth attempts): rip=180.200.180.81, lip=113.212.99.194, TLS
 Jun 13 20:20:21 platypus dovecot: imap-login: Disconnected (no auth attempts): rip=180.189.168.166, lip=113.212.99.194, TLS handshaking: Disconnected
+Jun 23 00:52:43 vhost1-ua dovecot: pop3-login: Disconnected: Inactivity (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=193.95.245.163, lip=176.214.13.210