14 lines
684 B
Plaintext
14 lines
684 B
Plaintext
# dovecot
|
|
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+.*$
|
|
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)\([^)]*\): Disconnected: Logged out.*$
|
|
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)\([^)]*\): Connection closed in.*$
|
|
|
|
# cron
|
|
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (CROND|crond|run-crons)(\[[0-9]+\])?: .*$
|
|
|
|
# syn-flood
|
|
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: IPTables SYN-FLOOD: .*$
|
|
|
|
# pure-ftpd
|
|
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ pure-ftpd(\[[0-9]+\])?: [^[]*\[INFO\].*$
|