[Logwatch-Devel] pop3 patch

Chris Smith chris at interspire.com
Wed Mar 30 18:11:20 MST 2005


Hey all,

Small patch for the pop3 script (wasn't picking up couriertcpd lines 
properly - not sure which version of courier I have though).

# logwatch --version
Logwatch 6.0.1 (released 02/24/05)


Not sure what to make of this though....

# logwatch --service pop3 --print

....

Connections
-----------
          90
        4915
           2
           6
-----------
        5013

......

  **Unmatched Entries**
     Connection, ip=[203.201.67.2]: 90 Time(s)
     Connection, ip=[203.76.32.168]: 3215 Time(s)
     Connection, ip=[211.31.49.163]: 2 Time(s)
     Connection, ip=[68.32.110.85]: 6 Time(s)


Totally different numbers for the 2nd host.

Anybody seen anything like this?

-- 
Regards,

Chris Smith

  Unit 2, 3 National Street, Rozelle, NSW 2039 Australia

Ph: +61 2 9555 5570
Fx: +61 2 9555 5571

email: info at interspire.com
web: http://www.interspire.com
-------------- next part --------------
--- pop3.orig	Wed Mar 30 19:30:21 2005
+++ pop3	Wed Mar 30 19:57:02 2005
@@ -69,20 +69,36 @@
       ($ThisLine =~ /^sptls: SSL_accept error: (-|)\d+$/) or
       ($ThisLine =~ /^sptls: do need at least RSA or DSA cert\/key data$/) or
       ($ThisLine =~ /^tpop3d shutdown  succeeded$/) or
-      ($ThisLine =~ /tpop3d startup  succeeded$/)
+      ($ThisLine =~ /tpop3d startup  succeeded$/) or
+      ($ThisLine =~ /^disconnected, user=/i) or
+      ($ThisLine =~ /^timeout, user=/i) or
+      ($ThisLine =~ /^connection, ip=/i)
    ) {
       # Don't care about these...
    } elsif (
       (($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated - (.*)$/ )) or
-      (($User, $Host) = ( $ThisLine =~ /^fork_child: \[\d\].*\((.*)\): began session for `(.*)' with .*; child PID is \d+$/ ))
+      (($User, $Host) = ( $ThisLine =~ /^fork_child: \[\d\].*\((.*)\): began session for `(.*)' with .*; child PID is \d+$/ )) or
+      (($User, $Host) = ( $ThisLine =~ /^LOGIN, user=(.*?), ip=\[(.*?)\]$/))
    ) {
       $Login{$User}{$Host}++;
-   } elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) {
+   } elsif (
+      (($User, $Host, $Downloaded, $DownloadedSize) = ( $ThisLine =~ /LOGOUT, user=(.*?), ip=\[(.*?)\], top=(\d+), retr=(\d+)$/))
+   ) {
+      $DownloadedMessagesSize{$User} += $DownloadedSize;
+      $DownloadedMessages{$User} += $Downloaded;
+      $Logout{$User}{$Host}++;
+      $Logout2{$User}++;
+      $Connection{$Host}++;
+   } elsif (
+      (($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/))
+   ) {
       $DownloadedMessages{$User} += $Downloaded;
       $DownloadedMessagesSize{$User} += $DownloadSize;
       $MessagesLeft{$User} = $Left;
       $MboxSize{$User} = $LeftSize;
-   } elsif ( ($User, $Host) = ( $ThisLine =~ /^session ended for user (.*?) - (.*)/) ) {
+   } elsif (
+      (($User, $Host) = ( $ThisLine =~ /^session ended for user (.*?) - (.*)/))
+   ) {
       $Logout{$User}{$Host}++;
       $Logout2{$User}++;
       $Connection{$Host}++;
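
Review bot: The three patterns added to the ignore list (`^disconnected, user=`, `^timeout, user=`, `^connection, ip=`) discard lines that carry per-host information, and in the new branch `$Connection{$Host}++` only fires on a LOGOUT line, so a host that connects repeatedly without completing a session no longer appears anywhere in the report. Consider counting the `connection, ip=` lines into `%Connection` rather than dropping them, and reporting the timeouts and disconnects. In the same LOGOUT branch, the regex has no leading `^`, unlike the `^LOGIN, user=` pattern added just above it, and it captures into `$DownloadedSize` while the existing Stats branch uses `$DownloadSize`. Anchor the pattern and use one variable name (declaring it if the script runs under strict). A comment saying what `top=` and `retr=` represent would also help, since the branch adds `top=` to a message count and `retr=` to a size total.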

