[syslog-ng] repeated lines

Peter Czanik czanik at balabit.hu
Wed Oct 13 11:16:16 CEST 2010


Hello,

I'm just preparing patterns for uw-imapd. Problem:

Oct 12 16:54:12 ubuntu imapd[10555]: connect from 192.168.2.179
(192.168.2.179)
Oct 12 16:54:12 ubuntu imapd[10555]: imap service init from 192.168.2.179
Oct 12 16:54:17 ubuntu imapd[10555]: Login failed user=asdf auth=asdf
host=czp.localnet [192.168.2.179]
Oct 12 16:54:20 ubuntu imapd[10555]: AUTHENTICATE PLAIN failure
host=czp.localnet [192.168.2.179]
Oct 12 16:54:20 ubuntu imapd[10555]: Login failed user=asdf auth=asdf
host=czp.localnet [192.168.2.179]
Oct 12 16:54:48 ubuntu imapd[10555]: Unexpected client disconnect, while
reading line user=asdf host=czp.localnet [192.168.2.179]

As you can see, the line containing most information about the login
failure is repeated twice:

Login failed user=asdf auth=asdf host=czp.localnet [192.168.2.179]

How can I make sure, that only one name value pair is generated from
this event?

Bazsi: we talked about the importance of time on Monday: messages for a
single event arrived in an 8 seconds time span...
Bye,

-- 
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/




More information about the syslog-ng mailing list