Disable logging for localhost
André Rodier
andre at rodier.me
Wed Oct 24 13:46:45 EEST 2018
On 2018-10-22 12:16, Shawn Heisey wrote:
> On 10/21/2018 8:23 AM, André Rodier wrote:
>> I am using Zabbix to monitor my Dovecot server, and my logs are filled
>> with lines like this:
>>
>>> Oct 21 15:04:46 osaka dovecot[1256]: pop3-login: Aborted login (no
>>> auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1,
>>> secured, session=<bWd0nr14SuF/AAAB>
>>> Oct 21 15:05:29 osaka dovecot[1256]: imap-login: Aborted login (no
>>> auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1,
>>> secured, session=<MlAGob147Jd/AAAB>
>>
>> How can I disable logging these actions from 127.0.0.1?
>
> Presumably you are concerned not so much with having these lines in
> the logfile, as you are with your monitoring software seeing them and
> generating alarms because they are reported to syslog as errors. If
> I'm wrong about that, then the rest of this message probably won't
> apply.
>
> Monitoring software that reports errors in logfiles should have the
> ability to specify messages to ignore. Often this is done with
> regex. Since you mentioned Zabbix, I'm betting it's that software
> that generates the reports you would like to stop. It looks like it
> does have the ability to use a regex to filter logs.
>
> https://www.zabbix.com/documentation/4.0/manual/config/items/itemtypes/log_items
>
> This regex ought to do the trick and not filter out other error
> messages (like login failures) that occur on localhost. Hopefully it
> gets preserved on one line, not mangled by my mail client:
>
> dovecot.*(imap|pop3)-login: Aborted .*rip=127\.0\.0\.\d+,
> lip=127\.0\.0\.\d+,
>
> The "\d+" notation generally only works if the software is using PCRE
> - Perl Compatible Regular Expressions. It does look like Zabbix is
> using PCRE, so if it's Zabbix we're talking about, that regex should
> be OK. Possible replacements for \d+ if it doesn't work:
>
> [0-9]+
> [0-9]*
>
> Thanks,
> Shawn
These lines are in the mail.log. I am not talking about Zabbix.
Zabbix generate a connection every second, on both Postfix and Dovecot.
I want these two services to not log connections when they are coming
from 127.0.0.1, if possible.
Both journalctl (Systemd) and log files are spammed with these lines,
and I would like to avoid dovecot logging them.
I should have made this clearer.
Kind regards,
André
--
https://github.com/progmaticltd/homebox
More information about the dovecot
mailing list