Should dovecot not be using different logging facility and severity levels?

Timo Sirainen timo at sirainen.com
Wed Aug 14 22:33:53 EEST 2019


On 9 Aug 2019, at 17.39, Marc Roos via dovecot <dovecot at dovecot.org> wrote:
> 
> Should dovecot not be using different severity levels like auth.warn? On 
> my system everything goes to loglevel info:

My thinking has been:

 * Panic: There's a bug that needs fixing
 * Fatal: Somewhat stronger error
 * Error: Something's broken or misconfigured - admin should fix something
 * Warning: Something seems to be at least temporarily broken, like maybe some limit was reached because the system was overloaded. Admin may need to do something or possibly just wait. Either way, these should be looked into.
 * Info: Events that admin doesn't necessarily need to look at, except while debugging or for gathering stats or something
 * Debug: Only when really debugging

> lev_info:Aug  9 16:18:24 mail03 dovecot: imap-login: Aborted login (auth 
> failed, 1 attempts in 2 secs): user=<xxxxx>, method=PLAIN, rip=x.x.x.x, 
> lip=x.x.x.x, TLS, session=<UBXJ2K+PYh68zmjw>
> lev_info:Aug  9 16:18:29 mail03 dovecot: auth-worker(28656): 
> pam(krinfo,188.206.104.240,<LOLx2K+PYx68zmjw>): unknown user

These are regular events that happen all the time due to brute force attacks and such. I don't know why you'd want to see them as warnings?
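An added example, not part of the original post and not Dovecot code: because these auth failures are logged at info, filtering by severity will not surface them, so a monitor has to aggregate the lines itself. The sketch below sums failed attempts per remote IP from lines in the `Aborted login` format quoted above; the function names, the threshold of 5 and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches the "Aborted login (auth failed, ...)" format quoted in the post.
# The service prefix (imap-login, pop3-login, ...) is allowed to vary.
ABORTED = re.compile(
    r"dovecot: (?P<svc>[\w-]+-login): Aborted login \(auth failed, "
    r"(?P<attempts>\d+) attempts? in \d+ secs\): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[^,\s]+)"
)

def failed_attempts_by_ip(lines):
    """Sum failed auth attempts per remote IP from info-level login lines."""
    totals = Counter()
    for line in lines:
        m = ABORTED.search(line)
        if m:
            totals[m.group("rip")] += int(m.group("attempts"))
    return totals

def noisy_sources(lines, threshold=5):
    """Return {rip: attempts} for sources at or above the threshold.

    The threshold is an assumed tuning value, not a Dovecot setting.
    """
    totals = failed_attempts_by_ip(lines)
    return {ip: n for ip, n in totals.items() if n >= threshold}

# Constructed sample lines using documentation address ranges (not real logs).
SAMPLE = [
    "Aug  9 16:18:24 mail03 dovecot: imap-login: Aborted login (auth failed, "
    "1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=192.0.2.10, "
    "lip=198.51.100.5, TLS, session=<constructed1>",
    "Aug  9 16:18:31 mail03 dovecot: imap-login: Aborted login (auth failed, "
    "3 attempts in 9 secs): user=<bob>, method=PLAIN, rip=203.0.113.7, "
    "lip=198.51.100.5, TLS, session=<constructed2>",
    "Aug  9 16:18:50 mail03 dovecot: pop3-login: Aborted login (auth failed, "
    "4 attempts in 12 secs): user=<root>, method=PLAIN, rip=203.0.113.7, "
    "lip=198.51.100.5, session=<constructed3>",
    # Lines that must not be counted: auth-worker detail and a successful login.
    "Aug  9 16:18:29 mail03 dovecot: auth-worker(28656): "
    "pam(carol,203.0.113.7,<constructed4>): unknown user",
    "Aug  9 16:19:02 mail03 dovecot: imap-login: Login: user=<alice>, "
    "method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS, session=<constructed5>",
]

if __name__ == "__main__":
    for ip, n in sorted(noisy_sources(SAMPLE).items()):
        print(f"{ip}: {n} failed attempts")
```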
