Should dovecot not be using different logging facility and severity levels?
Marc Roos
M.Roos at f1-outsourcing.eu
Fri Aug 9 17:39:16 EEST 2019
Should dovecot not be using different severity levels like auth.warn? On
my system everything goes to loglevel info:
lev_info:Aug 9 16:18:24 mail03 dovecot: imap-login: Aborted login (auth
failed, 1 attempts in 2 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x,
lip=x.x.x.x, TLS, session=<UBXJ2K+PYh68zmjw>
lev_info:Aug 9 16:18:29 mail03 dovecot: auth-worker(28656):
pam(krinfo,188.206.104.240,<LOLx2K+PYx68zmjw>): unknown user
lev_info:Aug 9 16:18:50 mail03 dovecot: imap-login: Aborted login (auth
failed, 1 attempts in 25 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x,
lip=x.x.x.x, TLS: Disconnected, session=<LOLx2K+PYx68zmjw>
lev_info:Aug 9 16:18:53 mail03 dovecot: auth-worker(28656):
pam(krinfo,188.206.104.240,<qJOm2q+Pax68zmjw>): unknown user
lev_info:Aug 9 16:19:01 mail03 dovecot: imap-login: Aborted login (auth
failed, 1 attempts in 8 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x,
lip=x.x.x.x, TLS, session=<qJOm2q+Pax68zmjw>
lev_info:Aug 9 16:19:13 mail03 dovecot: auth-worker(28656):
pam(krinfo,188.206.104.240,<k8/X26+Pch68zmjw>): unknown user
lev_info:Aug 9 16:19:15 mail03 dovecot: imap-login: Aborted login (auth
failed, 1 attempts in 2 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x,
lip=x.x.x.x, TLS, session=<k8/X26+Pch68zmjw>
lev_info:Aug 9 16:19:24 mail03 dovecot: auth-worker(28656):
pam(krinfo,188.206.104.240,<MjBy3K+Pfh68zmjw>): unknown user
lev_info:Aug 9 16:19:26 mail03 dovecot: imap-login: Aborted login (auth
failed, 1 attempts in 2 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x,
lip=x.x.x.x, TLS, session=<MjBy3K+Pfh68zmjw>
lev_info:Aug 9 16:19:27 mail03 dovecot: auth-worker(28656):
pam(krinfo,188.206.104.240,<oRmo3K+Pfx68zmjw>): unknown user
lev_info:Aug 9 16:19:29 mail03 dovecot: imap-login: Aborted login (auth
failed, 1 attempts in 2 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x,
lip=x.x.x.x, TLS, session=<oRmo3K+Pfx68zmjw>
lev_info:Aug 9 16:19:47 mail03 dovecot: auth-worker(29664):
pam(krinfo,188.206.104.240,<14Pb3a+Pih68zmjw>): unknown user
lev_info:Aug 9 16:19:49 mail03 dovecot: imap-login: Aborted login (auth
failed, 1 attempts in 2 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x,
lip=x.x.x.x, TLS, session=<14Pb3a+Pih68zmjw>
lev_info:Aug 9 16:19:51 mail03 dovecot: auth-worker(29664):
pam(krinfo,188.206.104.240,<99cO3q+Pix68zmjw>): unknown user
lev_info:Aug 9 16:19:53 mail03 dovecot: imap-login: Aborted login (auth
failed, 1 attempts in 2 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x,
lip=x.x.x.x, TLS, session=<99cO3q+Pix68zmjw>
This is how failed attempts are logged by vsftpd
fac_authpriv:Aug 9 16:24:42 web01 vsftpd[7255]: pam_ldap(vsftpd:auth):
Authentication failure; user=xxxxx
fac_authpriv:Aug 9 16:24:42 web01 vsftpd[7255]: pam_unix(vsftpd:auth):
authentication failure; logname= uid=0 euid=0 tty=ftp ruser=xxxxx
rhost=xxxxx user=xxxxx
fac_ftp:Aug 9 16:24:44 web01 vsftpd[7255]: [xxxxx] FAIL LOGIN: Client
"x.x.x.x"
lev_notice:Aug 9 16:24:42 web01 vsftpd[7255]: pam_ldap(vsftpd:auth):
Authentication failure; user=xxxxx
lev_notice:Aug 9 16:24:42 web01 vsftpd[7255]: pam_unix(vsftpd:auth):
authentication failure; logname= uid=0 euid=0 tty=ftp ruser=xxxxx
rhost=xxxxx user=xxxxx
lev_warn:Aug 9 16:24:44 web01 vsftpd[7255]: [xxxxx] FAIL LOGIN: Client
"x.x.x.x"
Using dovecot-2.2.36-3.el7.x86_64 on CentOS7
More information about the dovecot
mailing list