Disable logging for localhost

André Rodier andre at rodier.me
Wed Oct 24 13:46:45 EEST 2018


On 2018-10-22 12:16, Shawn Heisey wrote:
> On 10/21/2018 8:23 AM, André Rodier wrote:
>> I am using Zabbix to monitor my Dovecot server, and my logs are filled 
>> with lines like this:
>> 
>>> Oct 21 15:04:46 osaka dovecot[1256]: pop3-login: Aborted login (no 
>>> auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, 
>>> secured, session=<bWd0nr14SuF/AAAB>
>>> Oct 21 15:05:29 osaka dovecot[1256]: imap-login: Aborted login (no 
>>> auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, 
>>> secured, session=<MlAGob147Jd/AAAB>
>> 
>> How can I disable logging these actions from 127.0.0.1?
> 
> Presumably you are concerned not so much with having these lines in
> the logfile, as you are with your monitoring software seeing them and
> generating alarms because they are reported to syslog as errors.  If
> I'm wrong about that, then the rest of this message probably won't
> apply.
> 
> Monitoring software that reports errors in logfiles should have the
> ability to specify messages to ignore.  Often this is done with
> regex.  Since you mentioned Zabbix, I'm betting it's that software
> that generates the reports you would like to stop. It looks like it
> does have the ability to use a regex to filter logs.
> 
> https://www.zabbix.com/documentation/4.0/manual/config/items/itemtypes/log_items
> 
> This regex ought to do the trick and not filter out other error
> messages (like login failures) that occur on localhost.  Hopefully it
> gets preserved on one line, not mangled by my mail client:
> 
> dovecot.*(imap|pop3)-login: Aborted .*rip=127\.0\.0\.\d+, lip=127\.0\.0\.\d+,
> 
> The "\d+" notation generally only works if the software is using PCRE
> - Perl Compatible Regular Expressions.  It does look like Zabbix is
> using PCRE, so if it's Zabbix we're talking about, that regex should
> be OK.  Possible replacements for \d+ if it doesn't work:
> 
> [0-9]+
> [0-9]*
> 
> Thanks,
> Shawn

These lines are in the mail.log. I am not talking about Zabbix.

Zabbix generates a connection every second, on both Postfix and Dovecot.

I want these two services to not log connections when they are coming 
from 127.0.0.1, if possible.

Both journalctl (Systemd) and log files are spammed with these lines, 
and I would like to avoid dovecot logging them.

I should have made this clearer.

Kind regards,
André
-- 
https://github.com/progmaticltd/homebox
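
Added example (not part of the original thread, and not Dovecot or Zabbix code): a quick check of the ignore regex quoted above against sample log lines, to see which lines it would hide before putting it into a log filter. The sample lines are constructed; the "Aborted login (auth failed ...)" line and the STRICT pattern are assumptions added here, and Python's re module stands in for PCRE.

```python
import re

# Pattern from the quoted reply, rejoined onto one line.
ORIGINAL = r"dovecot.*(imap|pop3)-login: Aborted .*rip=127\.0\.0\.\d+, lip=127\.0\.0\.\d+,"
# The reply's fallback for regex engines that do not support \d.
POSIX = ORIGINAL.replace(r"\d+", "[0-9]+")
# Hypothetical tighter variant (not from the thread): also require the
# "(no auth attempts" text and the empty user field seen in the probe lines.
STRICT = (r"dovecot.*(imap|pop3)-login: Aborted login \(no auth attempts [^)]*\): "
          r"user=<>, rip=127\.0\.0\.[0-9]+, lip=127\.0\.0\.[0-9]+,")

PREFIX = "Oct 21 15:04:46 osaka dovecot[1256]: "
LOOPBACK = "rip=127.0.0.1, lip=127.0.0.1, secured, "
# Constructed sample lines. The two probes follow the excerpts in the thread
# (unwrapped); the others are made up to show what a filter must keep visible.
SAMPLES = {
    "probe_pop3": PREFIX + "pop3-login: Aborted login (no auth attempts in 0 secs): "
                  "user=<>, " + LOOPBACK + "session=<bWd0nr14SuF/AAAB>",
    "probe_imap": PREFIX + "imap-login: Aborted login (no auth attempts in 0 secs): "
                  "user=<>, " + LOOPBACK + "session=<MlAGob147Jd/AAAB>",
    "remote_abort": PREFIX + "imap-login: Aborted login (no auth attempts in 0 secs): "
                    "user=<>, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<constructed1>",
    "local_disconnect_fail": PREFIX + "imap-login: Disconnected (auth failed, 1 attempts "
                             "in 2 secs): user=<alice>, method=PLAIN, " + LOOPBACK
                             + "session=<constructed2>",
    "local_abort_fail": PREFIX + "imap-login: Aborted login (auth failed, 1 attempts "
                        "in 2 secs): user=<alice>, method=PLAIN, " + LOOPBACK
                        + "session=<constructed3>",
}


def ignored(pattern, samples=SAMPLES):
    """Return the names of the sample lines that the pattern would suppress."""
    rx = re.compile(pattern, re.ASCII)  # re.ASCII limits \d to [0-9]
    return sorted(name for name, line in samples.items() if rx.search(line))


if __name__ == "__main__":
    for label, pat in (("original", ORIGINAL), ("posix", POSIX), ("strict", STRICT)):
        print(f"{label:8} ignores: {', '.join(ignored(pat))}")
```

With these samples the quoted pattern also hides the constructed loopback line that carries a failed authentication attempt, while the stricter variant hides only the two probe lines.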

