logwatch courier-imapの設定

Hizumi
(2004年12月11日 14:43) | | トラックバック(0)

FedoreCore3用の Courier-imapの logwatchの設定。

/etc/log.d/conf/services/pop3.conf
/etc/log.d/scripts/services/pop3
/etc/log.d/scripts/services/imapd

□ /etc/log.d/conf/services/pop3.conf
*** pop3.conf.org 2004-12-11 21:06:38.387999734 +0900
--- pop3.conf 2004-12-11 21:07:24.868212904 +0900
***************
*** 15,21 ****
Title = "POP-3"

# Which logfile group...
! LogFile = messages

# Only give lines pertaining to courier...
# I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1
--- 15,21 ----
Title = "POP-3"

# Which logfile group...
! LogFile = maillog

# Only give lines pertaining to courier...
# I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1


□ /etc/log.d/scripts/services/pop3
*** pop3.org 2004-12-11 21:11:16.856247486 +0900
--- pop3 2004-12-11 12:20:41.000000000 +0900
***************
*** 19,31 ****
sub LookupIPv46 {
my $IPv4Addr;
my $Addr = $_[0];
if ( ($IPv4Addr) = ($Addr =~ /::ffff:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/ ) ) {
! # print "$IPv4Addr\n";
return $IPv4Addr;

}
else {
! # print $Addr;
return $Addr;

}
--- 19,32 ----
sub LookupIPv46 {
my $IPv4Addr;
my $Addr = $_[0];
+ #print "DEBUG:LookupIPv46($Addr)\n" ;
if ( ($IPv4Addr) = ($Addr =~ /::ffff:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/ ) ) {
! # print "DEBUG:64:$IPv4Addr\n";
return $IPv4Addr;

}
else {
! # print "DEBUG:44:$Addr\n";
return $Addr;

}
***************
*** 54,63 ****
--- 55,75 ----
($ThisLine =~ /^spgetpwnam: can't find user: */) or
($ThisLine =~ /^sptls: SSL_accept error: (-|)\d+$/) or
($ThisLine =~ /^sptls: do need at least RSA or DSA cert\/key data$/)
+ # ---------------------------------------------------------------------------------
+ or
+ ($ThisLine =~ /^Connection, ip=/) or
+ ($ThisLine =~ /^Unexpected SSL connection shutdown.$/) or
+ ($ThisLine =~ /^couriertls: read: Connection reset by peer$/) or
+ ($ThisLine =~ /^LOGOUT, /)
+ # ---------------------------------------------------------------------------------
) {
# Don't care about these...
} elsif ( ($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated - (.*)$/ ) ) {
$Login{$User}{$Host}++;
+ # ---------------------------------------------------------------------------------
+ } elsif ( ($User, $Host) = ( $ThisLine =~ /^LOGIN, user=(.*?), ip=\[(.*)\]$/ ) ) {
+ $Login{$User}{$Host}++;
+ # ---------------------------------------------------------------------------------
} elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) {
$DownloadedMessages{$User} += $Downloaded;
$DownloadedMessagesSize{$User} += $DownloadSize;
***************
*** 72,77 ****
--- 84,94 ----
$Connection{$Host}++;
} elsif ( ($User,$Host) = ( $ThisLine =~ /^authentication failed for user (.*?) - (.*)/ ) ) {
$LoginFailed{"$Host ($User)"}++;
+ # ---------------------------------------------------------------------------------
+ } elsif ( ($Host) = ( $ThisLine =~ /^LOGIN FAILED, ip=\[(.+)\]/ ) ) {
+ $Host=&LookupIPv46($Host) ;
+ $LoginFailed{"$Host (User)"}++;
+ # ---------------------------------------------------------------------------------
} elsif ( ($User,$Host) = ( $ThisLine =~ /^authentication failed: no such user: (.*?) - (.*)/ ) ) {
$LoginFailed{"$Host (UNKNOWN: $User)"}++;
} elsif ( ($Mechanism) = ( $ThisLine =~ /^sptls: TLS connection established: (.*)$/ ) ) {

□ /etc/log.d/scripts/services/imapd
*** imapd.org 2004-12-11 21:11:08.005740742 +0900
--- imapd 2004-12-11 12:21:42.000000000 +0900
***************
*** 39,44 ****
--- 39,52 ----
if (
($ThisLine =~ /^Initializing */) or
($ThisLine =~ /^spgetpwnam: can't find user: */)
+ # -------------------------------------------------------------------------------
+ or
+ ($ThisLine =~ /^Connection, ip=/) or
+ ($ThisLine =~ /^LOGOUT, user=/) or
+ ($ThisLine =~ /^Unexpected SSL connection shutdown.$/) or
+ ($ThisLine =~ /^couriertls: read: Connection reset by peer$/) or
+ ($ThisLine =~ /^DISCONNECTED, user=/)
+ # -------------------------------------------------------------------------------
) {
# Don't care about these...
} elsif ( ($User, $Host) = ( $ThisLine =~ /^Login user=(.*?) host=(.* \[.*\])$/ ) ) {
***************
*** 47,52 ****
--- 55,64 ----
$Login{$User}{$Host}++;
} elsif ( ($User,$Host) = ( $ThisLine =~ /^Preauthenticated user=(.*) host=(.*)$/ ) ) {
$Login{$User}{$Host}++;
+ # -------------------------------------------------------------------------------
+ } elsif ( ($User,$Host) = ( $ThisLine =~ /^LOGIN, user=(.*?), ip=\[([^\]]+)\],/ ) ) {
+ $Login{$User}{$Host}++;
+ # -------------------------------------------------------------------------------
} elsif ( ($Host) = ( $ThisLine =~ /^imap service init from (.*)$/ ) ) {
$ConnectionNonSSL{$Host}++;
$Connection{$Host}++;
***************
*** 199,205 ****


if ( ( $Detail >= 10 ) and (keys %Login)) {
! print "\n[POP3] Successful Logins:\n";
$LoginCount = 0;
foreach my $User (keys %Login) {
print " User $User: \n";
--- 211,220 ----


if ( ( $Detail >= 10 ) and (keys %Login)) {
! # --------------------------------------------------
! #print "\n[POP3] Successful Logins:\n";
! # --------------------------------------------------
! print "\n[IMAPd] Successful Logins:\n";
$LoginCount = 0;
foreach my $User (keys %Login) {
print " User $User: \n";

カテゴリ:

トラックバック(0)

このブログ記事を参照しているブログ一覧: logwatch courier-imapの設定

このブログ記事に対するトラックバックURL: http://www.aritia.org/mt/mt-tb.cgi/23

2008年12月

  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

アーカイブ

カテゴリ

ウェブページ

Powered by Movable Type 4.23-ja

Index

タグクラウド

検索

最近のブログ記事

Techonrati

Technorati search

» リンクしているブログ

このブログ記事について

このページは、Hizumiが2004年12月11日 14:43に書いたブログ記事です。

ひとつ前のブログ記事は「バッシーの写真」です。

次のブログ記事は「logwatch postfix の設定」です。

最近のコンテンツはインデックスページで見られます。過去に書かれたものはアーカイブのページで見られます。