I'm running Ubuntu 14.04 LTS server and use logcheck to report log messages. I have the logcheck-database installed which contains a horde3 ignore file for the server:

    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: \[horde\] Login success for [@._[:alnum:]-]+ \[[.0-9]{7,15}\] to Horde \[on line [0-9]+ of ".+"\]$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: \[horde\] User [@._[:alnum:]-]+ \[[.0-9]{7,15}\] logged out of Horde \[on line [0-9]+ of ".+"\]$

So why is logcheck reporting the following Horde log messages:

    Feb 20 09:37:13 xxx HORDE: [imp] Login success for [email protected] (xx.xxx.xxx.xx) to {imap://mail.xxx.de/} [pid 428 on line 157 of "/var/www/horde/imp/lib/Auth.php"]
    Feb 20 09:37:37 xxx HORDE: [horde] User [email protected] logged out of Horde (xx.xx.xxx.xxx) [pid 21839 on line 107 of "/var/www/horde/login.php"]

I'm using Horde Webmail 5.2.5.

1 Answer

It turned out that the Horde messages have changed a bit so the regular expressions in the horde3 file don't match.

Here are the correct regular expressions for Horde Webmail 5.2.5:

    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HORDE: \[imp\] Login success for [@._[:alnum:]-]+ \([.0-9]{7,15}\) to \{[:\/.[:alnum:]-]+\} \[pid [0-9$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HORDE: message repeated [0-9]+ times: \[ \[imp\] Login success for [@._[:alnum:]-]+ \([.0-9]{7,15}\) t$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HORDE: \[horde\] User [@._[:alnum:]-]+ logged out of Horde \([.0-9]{7,15}\) \[pid [0-9]+ on line [0-9]$

  • I've added the regex for the "message repeated x times" log message. Commented Feb 22, 2015 at 21:06
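
The mismatch described in the answer can be reproduced, and a new rule file checked before it is installed, by replaying sample lines through the rules with `grep -E -v -f`, since logcheck filters with egrep. This is an added example, not part of the original post: the `horde5` rules, host name, user, addresses and the failed-login line are constructed for illustration and are not the answer's (truncated) expressions.

```shell
# Added example: replay sample lines through logcheck-style ignore rules.
# A line is dropped when any rule matches it, so `grep -E -v -f rules`
# prints exactly the lines that would still be reported.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed sample lines in the Horde 5 format shown in the question.
# The third line is a constructed event that must never be suppressed.
cat > "$workdir/sample.log" <<'EOF'
Feb 20 09:37:13 mx1 HORDE: [imp] Login success for user@example.org (192.0.2.10) to {imap://mail.example.org/} [pid 428 on line 157 of "/var/www/horde/imp/lib/Auth.php"]
Feb 20 09:37:37 mx1 HORDE: [horde] User user@example.org logged out of Horde (192.0.2.10) [pid 21839 on line 107 of "/var/www/horde/login.php"]
Feb 20 09:38:02 mx1 HORDE: [imp] FAILED LOGIN for user@example.org (192.0.2.77) to {imap://mail.example.org/} [pid 430 on line 156 of "/var/www/horde/imp/lib/Auth.php"]
EOF

# The two horde3 rules quoted in the question, unchanged.
cat > "$workdir/horde3" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: \[horde\] Login success for [@._[:alnum:]-]+ \[[.0-9]{7,15}\] to Horde \[on line [0-9]+ of ".+"\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: \[horde\] User [@._[:alnum:]-]+ \[[.0-9]{7,15}\] logged out of Horde \[on line [0-9]+ of ".+"\]$
EOF

# Assumed replacement rules written for this example. They stay anchored
# with ^ and $ and name the exact message, so nearby events are not hidden.
cat > "$workdir/horde5" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HORDE: \[imp\] Login success for [@._[:alnum:]-]+ \([.0-9]{7,15}\) to [{][[:alnum:]:/._-]+[}] \[pid [0-9]+ on line [0-9]+ of "[^"]+"\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HORDE: \[horde\] User [@._[:alnum:]-]+ logged out of Horde \([.0-9]{7,15}\) \[pid [0-9]+ on line [0-9]+ of "[^"]+"\]$
EOF

# still_reported RULEFILE LOGFILE: print the lines that no rule matches.
still_reported() {
    grep -E -v -f "$1" "$2"
}

# count_reported RULEFILE LOGFILE: number of lines that would be mailed.
count_reported() {
    still_reported "$1" "$2" | wc -l | tr -d ' '
}

echo "horde3 rules leave $(count_reported "$workdir/horde3" "$workdir/sample.log") line(s) reported"
echo "horde5 rules leave $(count_reported "$workdir/horde5" "$workdir/sample.log") line(s) reported"
```

With the old rules all three lines are reported; with the replacement rules only the failed-login line remains, which is the behaviour to confirm before trusting any new ignore rule.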
