Tag Archives: logcheck

logcheck — various filters


As mentioned earlier, I have a few of these logcheck filters I have created over the past few years. I use Debian and CentOS so other distros may not perfectly match.

These work in conjunction with the default filters, hence their naming scheme of local_<service>.

Dovecot
login, logout, mysql connections, lda delivery, ssl regen

  local_dovecot (1.5 KiB, 2,001 hits)

Managesieve (part of Dovecot)
login, logout

  local_managesieve (320 bytes, 1,966 hits)

OpenVPN
login related

  local_openvpn (506 bytes, 1,956 hits)

PostFWD
statistic log lines: dnsbl, rules, stats, cache, rate

  local_postfwd (104 bytes, 1,892 hits)

ProFTPd mod_ban (optional module)
obtained, detached, removed, showing ban list

  local_proftpd-banlog (230 bytes, 1,768 hits)

rSYSlog
start, exit, reload/hup, mark

  local_rsyslog (954 bytes, 1,862 hits)

OpenSSH
closed user request, closed preauth 127.0.0.1

  local_ssh (255 bytes, 1,994 hits)

swapspace
allocating, retiring, adding (kernel)

  local_swapspace (324 bytes, 1,940 hits)

logcheck — amavisd-new filter

Posted on .

Tested using Debian 7 Wheezy. To be added to /etc/logcheck/ignore.d.server/

With javascript enabled, the above regex block has a toolbar with a copy-to-clipboard button.

I have quite a few of these custom filters, I’ll post some more at another time.