[syslog-ng] repeated lines
Peter Czanik
czanik at balabit.hu
Wed Oct 13 11:16:16 CEST 2010
Hello,
I'm just preparing patterns for uw-imapd. Problem:
Oct 12 16:54:12 ubuntu imapd[10555]: connect from 192.168.2.179
(192.168.2.179)
Oct 12 16:54:12 ubuntu imapd[10555]: imap service init from 192.168.2.179
Oct 12 16:54:17 ubuntu imapd[10555]: Login failed user=asdf auth=asdf
host=czp.localnet [192.168.2.179]
Oct 12 16:54:20 ubuntu imapd[10555]: AUTHENTICATE PLAIN failure
host=czp.localnet [192.168.2.179]
Oct 12 16:54:20 ubuntu imapd[10555]: Login failed user=asdf auth=asdf
host=czp.localnet [192.168.2.179]
Oct 12 16:54:48 ubuntu imapd[10555]: Unexpected client disconnect, while
reading line user=asdf host=czp.localnet [192.168.2.179]
As you can see, the line containing most information about the login
failure is repeated twice:
Login failed user=asdf auth=asdf host=czp.localnet [192.168.2.179]
How can I make sure, that only one name value pair is generated from
this event?
Bazsi: we talked about the importance of time on Monday: messages for a
single event arrived in an 8 seconds time span...
Bye,
--
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
More information about the syslog-ng
mailing list