Since upgrading to Wheezy, I've had the following entries showing up in
my morning logwatch E-Mail:
> --------------------- Dovecot Begin ------------------------
>
> Dovecot disconnects:
> Inactivity: 27 Time(s)
> Inactivity (tried to use disallowed plaintext auth): 2 Time(s)
> Logged out in=1115 out=13676: 1 Time(s)
> Logged out in=12173 out=351935: 1 Time(s)
> Logged out in=1272 out=27883: 1 Time(s)
> Logged out in=1303 out=25234: 1 Time(s)
> Logged out in=1337 out=25064: 1 Time(s)
> Logged out in=1419 out=30466: 1 Time(s)
> Logged out in=1527 out=13360: 1 Time(s)
> [...]
Now, the way those entries are showing up in the syslog looks like this:
> Aug 11 09:12:48 janet dovecot: imap({username}): Disconnected: Logged out in=1714 out=32525
> Aug 11 09:56:55 janet dovecot: imap({username}): Disconnected: Logged out in=2348 out=48815
> Aug 11 13:06:15 janet dovecot: imap({username}): Disconnected: Logged out in=2566 out=44455
> [...]
"{username}" is just me blanking out the username that appeared there. :-)
Now, for the topper, here's what's in /etc/logwatch/conf/ignore.conf:
> dovecot: .*Connection closed in=
> dovecot: .*Logged out in=
> dovecot: .*Disconnected for inactivity in=
So, the $64,000 question is: Why are those entries showing up in the
report?? What am I missing here? :-)
(It's all the "logged out" messages I'm trying to ignore.)
--Dave
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature