[Dovecot] Audit log?

Bjørn T Johansen btj at havleik.no
Fri Dec 21 13:04:47 EET 2007


On Thu, 20 Dec 2007 18:42:01 +0200
Timo Sirainen <tss at iki.fi> wrote:

> On Thu, 2007-12-20 at 13:18 +0100, Bjørn T Johansen wrote:
> > Yes, I know about those but I was kind of hoping to see failed authentications in some logs without enabling debug logging,
> > like if I use PAM authentication....
> 
> auth_verbose=yes enables logging failed logins.
> 

That did the trick... thx... :)

If I only had learned regexp like I have been meaning too for many years now, this would have been a piece of cake but...

Does anyone use Dovecot together with fail2ban? If so, could any one share the failregex they are using? (A)
(or perhaps someone could create a regexp that recognize a line like this:

dovecot: Dec 21 11:58:07 Info: auth(default): sql(btj at havleik.no,85.19.143.23): Password mismatch

)


BTJ


More information about the dovecot mailing list