On 22.9.2013, at 1.29, Reindl Harald h.reindl@thelounge.net wrote:
if fact i would only need "login_log_format = %s" but in case of failed logins and dictionary attacks with unknown users "%u" is empty - if %u would *always* contain the used loginname, wether if it was successful or not i would have any needed information without the duplication
%u always has username as long as client sent it.
errta - the problem maybe was in cased of failed logins you see no difference without %$ comapred to a succesfull login
login_log_format_elements = status=%status <%u> %r %m %c login_log_format = %s
would perfectly solve this while %status or whatever placeholder would be failed / success
sorry for the spam and not put it in one reply
login_log_format_elements = %status <%u> %r %m %c %cipher login_log_format = %s
Sep 21 18:39:47 localhost dovecot: imap-login: OK, rhsoft@test.rh, 192.168.2.2, CRAM-MD5, DHE-RSA-CAMELLIA256-SHA
"TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA" for %k leads to linebreaks in "tail -f" which makes it hard to follow while the proposd above contains any needed information and fits on a 27" screen in a single line, in case of unencrypted %cipher would be simply supressed
cat maillog | grep imap | grep "OK, " cat maillog | grep imap | grep "failed, "
cat maillog | grep pop3 | grep "OK, " cat maillog | grep pop3 | grep "failed, "
%$ is the status, so you're asking for another status variable. Something like in the attached patch, where you can replace %$ with %{login_status}?