UPDATE: Thanks jagro.nl and Julian Stokes I was alerted to the fact that the current HEAD version of the script no longer works. You can use my old version instead.
You may have noticed the extra useless notices by Dovecot in your Logwatch (you do check your logwatch every day right?)
These kinds of messages can be found under the Dovecot logs:
**Unmatched Entries**
dovecot: imap(useraccount): Connection closed bytes=16/338: 1 Time(s)
dovecot: imap(useraccount): Connection closed bytes=17/340: 7 Time(s)
dovecot: imap(useraccount): Connection closed bytes=18/342: 3 Time(s)
And depending on your activity you could be getting this kind of message a few hundred times per day on more busy setups.
A quick Google check reveals the following bug reports for Redhat: Bug 666376 and Bug 669161
This was fixed in Rawhide, but apparently hasn’t made it to Redhat proper yet.
Let’s fix this in the cleanest possible way.
Logwatch stores the script originals in /usr/share/logwatch/scripts/services/* and these are bundled in the RPM that is installed by yum.
Changing these scripts wouldn’t help much as these are overwritten by updates.
Logwatch also maintains a folder in /etc under /etc/logwatch/scripts/services/ where you can place your own scripts (they will replace the scripts in /usr/share; according to the manpage)
Just download the latest from the repository and name it dovecot
http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/services/
You should use this version for now and save it as dovecot http://barry.coffeesprout.com/dovecot
With the dovecot script downloaded to /etc/logwatch/scripts/services/dovecot your report should now look a lot cleaner.
Run logwatch and you should see something like:
Dovecot IMAP and POP3 Successful Logins: 316
Dovecot disconnects: 286
I hope this has been somewhat helpful to you
Thanks, just what i needed 🙂
jb
You’re most welcome. I’m one of those people who uses Logwatch and I try to make as much of it actionable. This was definitely getting in the way 🙂
I thought this was it, but unfortunately I now have the same lengthy logs, but with different unmatched entries.
Sep 21 00:03:08 salusa dovecot: imap-login: Login: user=, method=PLAIN, rip=*.*.*.*, lip=192.168.10.15, mpid=7214, TLS: 1 Time(s)
Sep 21 00:04:47 salusa dovecot: imap-login: Login: user=, method=PLAIN, rip=*.*.*.*, lip=192.168.10.15, mpid=7219, TLS: 1 Time(s)
Sep 21 00:04:47 salusa dovecot: imap-login: Login: user=, method=PLAIN, rip=*.*.*.*, lip=192.168.10.15, mpid=7221, TLS: 1 Time(s)
Do you have a fix for this as well?
Tried this but am having the same problem as Jagro.nl below. Something must have changed re Dovecot and its logging. My dovecot version reports itself as 2.09
Interesting. When looking at the latest head it looks like they have added an additional clause for the login:
elsif ( ( ($User, $Host) = ( $ThisLine =~ /^imap-login: Login: (.*?) [(.*)]/ ) ) or
( ($User, $Host) = ( $ThisLine =~ /^imap-login: Info: Login: user=.*rip=(.*), lip=/ ) ) ) {
The one I downloaded only contains:
elsif ( ($User, $Host) = ( $ThisLine =~ /^imap-login: Login: (.*?) [(.*)]/ ) ) {
Check out the latest version: http://sourceforge.net/p/logwatch/code/HEAD/tree/scripts/services/dovecot
The latest version is the one I downloaded & tried. Perhaps I need the older one?
Could be. I’ve gone ahead and uploaded my old version. You can try it (at your own risk) here: http://barry.coffeesprout.com/dovecot
Thanks for that – did exactly what it should do and outputted
Dovecot IMAP and POP3 Successful Logins: 1264
Dovecot disconnects: 1261
Thanks for checking. I’m going to update the blog post with your findings. Will probably see if I can raise a ticket with the project about this
not working anymore 🙁