Re: logwatch reporting

2014-11-21 Thread Steffen Kaiser


On Thu, 20 Nov 2014, Robert Moskowitz wrote:


Whereas dovecot is only reporting:




- Dovecot Begin 

  Dovecot disconnects:
   Inactivity: 1 Time(s)
   Logged out: 379 Time(s)
   no auth attempts: 5 Time(s)
   no reason: 1 Time(s)
   tried to use disabled plaintext auth: 1 Time(s)
 **Unmatched Entries**
   dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)
 -- Dovecot End -


How can I get more detailed user activity reporting to logwatch?

And why is connection to mysql under Unmatched Entries?


Nobody cared to create a logwatch script for Dovecot that aggregates the 
information as you used to see for Courier. If you check out Dovecot's 
logfile, you'll see that it does log the username and, thus, logwatch 
could aggregate that information.


You could update logwatch or switch to http://wiki2.dovecot.org/Statistics

--
Steffen Kaiser



Re: logwatch reporting

2014-11-21 Thread Tamsy

Robert Moskowitz wrote on 20.11.2014 20:41:
How can I get more detailed user activity reporting to logwatch?

And why is connection to mysql under Unmatched Entries?




What version of Logwatch is installed on the server and on which distro?
We are using Logwatch here too and the summary for Dovecot is very 
detailed; even more detailed compared to what you got with courier-mail.


Re: logwatch reporting

2014-11-21 Thread Robert Moskowitz


On 11/21/2014 04:13 AM, Tamsy wrote:


What version of Logwatch is installed on the server and on which distro?
We are using Logwatch here too and the summary for Dovecot is very 
detailed; even more detailed compared to what you got with courier-mail.


I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its 
logwatch is:


logwatch-7.3.6-52.el6.noarch

Oh, and dovecot is:

dovecot-2.0.9-7.el6.armv5tel


Re: logwatch reporting

2014-11-21 Thread Birta Levente

On 21/11/2014 15:48, Robert Moskowitz wrote:


On 11/21/2014 04:13 AM, Tamsy wrote:


What version of Logwatch is installed on the server and on which distro?
We are using Logwatch here too and the summary for Dovecot is very 
detailed; even more detailed compared to what you got with courier-mail.


I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its 
logwatch is:


logwatch-7.3.6-52.el6.noarch

Oh, and dovecot is:

dovecot-2.0.9-7.el6.armv5tel


There are Detail and *OnlyService parameters in logwatch's dovecot.conf 
(in centos by default 
/usr/share/logwatch/default.conf/services/dovecot.conf).
Probably you can override these parameters in 
/etc/logwatch/conf/services ... but I personally never used this.

Look at the meaning of these parameters ... maybe this is the problem


--
   Levi


Re: logwatch reporting

2014-11-21 Thread Robert Moskowitz


On 11/21/2014 09:01 AM, Birta Levente wrote:

On 21/11/2014 15:48, Robert Moskowitz wrote:


On 11/21/2014 04:13 AM, Tamsy wrote:


What version of Logwatch is installed on the server and on which 
distro?
We are using Logwatch here too and the summary for Dovecot is very 
detailed; even more detailed compared to what you got with 
courier-mail.


I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its 
logwatch is:


logwatch-7.3.6-52.el6.noarch

Oh, and dovecot is:

dovecot-2.0.9-7.el6.armv5tel




Thanks for this pointer but...

There are Detail and *OnlyService parameters in logwatch's dovecot.conf 
(in centos by default 
/usr/share/logwatch/default.conf/services/dovecot.conf).


No detail parameter in mine which seems rather old:

# $Log: dovecot.conf,v $
# Revision 1.3  2006/08/13 21:05:03  bjorn
# Changed OnlyService to include dovecot for compatibility with Dovecot 1.0
# based on patches by Mark Nienberg; modification by Patrick Vande Walle.


*OnlyService = (imap-login|pop3-login|dovecot)

What would I add to that?

Probably you can override these parameters in 
/etc/logwatch/conf/services ... but I personally never used this.

Look at the meaning of these parameters ... maybe this is the problem



Where do I look for their meaning?  My google searching is coming up empty.

thanks


Re: logwatch reporting

2014-11-21 Thread Birta Levente


On 21/11/2014 16:31, Robert Moskowitz wrote:


On 11/21/2014 09:01 AM, Birta Levente wrote:

On 21/11/2014 15:48, Robert Moskowitz wrote:


On 11/21/2014 04:13 AM, Tamsy wrote:


What version of Logwatch is installed on the server and on which 
distro?
We are using Logwatch here too and the summary for Dovecot is very 
detailed; even more detailed compared to what you got with 
courier-mail.


I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its 
logwatch is:


logwatch-7.3.6-52.el6.noarch

Oh, and dovecot is:

dovecot-2.0.9-7.el6.armv5tel




Thanks for this pointer but...

There are Detail and *OnlyService parameters in logwatch's dovecot.conf 
(in centos by default 
/usr/share/logwatch/default.conf/services/dovecot.conf).


No detail parameter in mine which seems rather old:

# $Log: dovecot.conf,v $
# Revision 1.3  2006/08/13 21:05:03  bjorn
# Changed OnlyService to include dovecot for compatibility with Dovecot 1.0
# based on patches by Mark Nienberg; modification by Patrick Vande Walle.


*OnlyService = (imap-login|pop3-login|dovecot)

What would I add to that?


OnlyService refers to the log prefix or service name in your maillog.
If you need a more detailed report, just add to the mentioned config file:
Detail=10 # 10 is the maximum detail

But to me it looks like you have no imap or pop logins nor deliveries in 
the logfile at all.

Can you confirm you have something like this in your maillog?
Oct 28 08:36:34 srv2 dovecot: imap-login: Login: user=xxx...@yy.com, method=PLAIN, rip=192.168.1.2, lip=192.168.1.1, mpid=11188, TLS, TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)


What is your dovecot version?

Levi
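
The per-user aggregation discussed in the replies above, sketched over the `Login:` line format quoted in the thread, with an unmatched bucket like the one the `dict: mysql` line falls into. This is an added example, not part of the thread and not logwatch's own script. The sample lines are constructed, and the `Disconnected (...)` line shape and all names in the code are assumptions.

```python
import re
from collections import Counter

# Syslog envelope: "Mon DD HH:MM:SS host tag: message".
ENVELOPE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<tag>[\w-]+): (?P<msg>.*)$")
# Same alternation as the *OnlyService line quoted in the thread.
ONLY_SERVICE = re.compile(r"^(?:imap-login|pop3-login|dovecot)$")
# Successful login, in the shape of the maillog line quoted in the thread.
LOGIN = re.compile(r"^(?P<proto>imap|pop3)-login: Login: "
                   r"user=<?(?P<user>[^>,\s]+)>?,.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)")
# Pre-auth disconnect with an optional "(reason)"; assumed line shape.
DISCONNECT = re.compile(r"^(?:imap|pop3)-login: (?:Disconnected|Aborted login)"
                        r"(?: \((?P<reason>[^)]*)\))?: (?P<rest>.*)$")
ATTEMPTS = re.compile(r"auth failed, (\d+) attempts?")
USER = re.compile(r"\buser=<?([^>,\s]+)>?")
RIP = re.compile(r"\brip=([0-9A-Fa-f.:]+)")

# Constructed sample lines (documentation addresses, example.com users).
SAMPLE = """\
Nov 21 12:44:24 mx1 dovecot: pop3-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=2101, TLS
Nov 21 12:45:02 mx1 dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=2107, TLS
Nov 21 12:45:40 mx1 dovecot: imap-login: Login: user=<Bob@example.com>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, mpid=2110, TLS
Nov 21 12:46:00 mx1 imap-login: Login: user=<bob@example.com>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, TLS
Nov 21 12:50:11 mx1 dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<postmaster>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.1
Nov 21 12:50:19 mx1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<webmaster>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.1
Nov 21 12:51:00 mx1 dovecot: imap-login: Disconnected (no auth attempts): rip=198.51.100.20, lip=192.0.2.1
Nov 21 12:51:05 mx1 dovecot: dict: mysql: Connected to localhost (postfix)
Nov 21 12:51:06 mx1 postfix/smtpd[991]: connect from unknown[198.51.100.20]
""".splitlines()


def summarize(lines):
    """Aggregate Dovecot login activity the way a logwatch service filter would."""
    report = {name: Counter() for name in
              ("logins", "failed_by_ip", "failed_users", "disconnects", "unmatched")}
    for line in lines:
        env = ENVELOPE.match(line.rstrip("\n"))
        if not env or not ONLY_SERVICE.match(env["tag"]):
            continue  # belongs to another service, not this filter
        # The tag may be "dovecot" (as in the thread's log line) or the login
        # process name itself; normalise both to "<proto>-login: ...".
        msg = env["msg"] if env["tag"] == "dovecot" else f"{env['tag']}: {env['msg']}"
        login = LOGIN.match(msg)
        if login:
            report["logins"][(login["user"].lower(), login["proto"])] += 1
            continue
        disc = DISCONNECT.match(msg)
        if disc:
            reason = disc["reason"] or "no reason"
            attempts = ATTEMPTS.search(reason)
            if attempts:  # failed password attempts, per source IP and per name tried
                rip, user = RIP.search(disc["rest"]), USER.search(disc["rest"])
                n = int(attempts.group(1))
                report["failed_by_ip"][rip.group(1) if rip else "unknown"] += n
                report["failed_users"][user.group(1) if user else "(none)"] += n
            else:
                report["disconnects"][reason] += 1
            continue
        report["unmatched"][msg] += 1  # no pattern matched: "Unmatched Entries"
    return report


if __name__ == "__main__":
    for section, counts in summarize(SAMPLE).items():
        print(section)
        for key, n in counts.most_common():
            print(f"   {key}: {n} Time(s)")
```
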


Re: logwatch reporting

2014-11-21 Thread Robert Moskowitz


On 11/21/2014 12:27 PM, Birta Levente wrote:


On 21/11/2014 16:31, Robert Moskowitz wrote:


On 11/21/2014 09:01 AM, Birta Levente wrote:

On 21/11/2014 15:48, Robert Moskowitz wrote:


On 11/21/2014 04:13 AM, Tamsy wrote:


What version of Logwatch is installed on the server and on which 
distro?
We are using Logwatch here too and the summary for Dovecot is very 
detailed; even more detailed compared to what you got with 
courier-mail.


I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its 
logwatch is:


logwatch-7.3.6-52.el6.noarch

Oh, and dovecot is:

dovecot-2.0.9-7.el6.armv5tel




Thanks for this pointer but...

There are Detail and *OnlyService parameters in logwatch's dovecot.conf 
(in centos by default 
/usr/share/logwatch/default.conf/services/dovecot.conf).


No detail parameter in mine which seems rather old:

# $Log: dovecot.conf,v $
# Revision 1.3  2006/08/13 21:05:03  bjorn
# Changed OnlyService to include dovecot for compatibility with Dovecot 1.0
# based on patches by Mark Nienberg; modification by Patrick Vande Walle.



*OnlyService = (imap-login|pop3-login|dovecot)

What would I add to that?


OnlyService refers to the log prefix or service name in your maillog.
If you need a more detailed report, just add to the mentioned config file:
Detail=10 # 10 is the maximum detail


Will make this change shortly.



But to me it looks like you have no imap or pop logins nor deliveries in 
the logfile at all.

Can you confirm you have something like this in your maillog?
Oct 28 08:36:34 srv2 dovecot: imap-login: Login: user=xxx...@yy.com, method=PLAIN, rip=192.168.1.2, lip=192.168.1.1, mpid=11188, TLS, TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)


Oh, they are there e.g.:

Nov 21 12:44:24 z9m9z dovecot: pop3-login: Login: 
user=r...@labs.htt-consult.com, 

logwatch reporting

2014-11-20 Thread Robert Moskowitz
I just launched a new mailserver that is using dovecot.  My previous 
mailserver used courier-mail.  I am expecting better things with this 
new server, but I was used to some login information in logwatch that I 
am not seeing now.  For example I would get:



 
 [IMAPd] Logout stats:

 
User | Logouts | Downloaded |  Mbox Size
 --- | --- | -- | --
   us...@htt-consult.com  |  55 | 219571 |  0
   us...@htt-consult.com  | 285 | 221681 |  0
  us...@labs.htt-consult.com  |  32 |  15183 |  0
 ---
   372 | 456435 |  0
 
 
 
 **Unmatched Entries**

Disconnected, ip=[:::107.150.52.84], time=1, starttls=1: 2 Time(s)
 
 -- IMAP End -



- POP-3 Begin 

 
 [POP3] Logout stats (in MB):

 
User | Logouts | Downloaded |  Mbox Size
 --- | --- | -- | --
   us...@htt-consult.com  |  78 |   5.96 |  0
   us...@communaljob.com  | 215 |   9.24 |  0
   us...@htt-consult.com  |   1 |   7.47 |  0
   us...@htt-consult.com  |   1 |   2.34 |  0
   us...@htt-consult.com  | 301 |  31.08 |  0
  us...@labs.htt-consult.com  | 201 |   4.98 |  0
 ---
   797 |  61.06 |   0.00
 
 
 
 **Unmatched Entries**

Disconnected, ip=[:::107.150.52.84]: 2 Time(s)
Disconnected, ip=[:::12.159.43.147]: 50 Time(s)
Disconnected, ip=[:::172.245.45.20]: 61 Time(s)
LOGIN FAILED, user=Alfredo, ip=[:::172.245.45.20]: 1 Time(s)
LOGIN FAILED, user=Antonio, ip=[:::172.245.45.20]: 2 Time(s)
LOGIN FAILED, user=postmaster, ip=[:::172.245.45.20]: 7 Time(s)

LOGIN FAILED, user=webmaster, ip=[:::172.245.45.20]: 7 Time(s)
LOGIN FAILED, user=www, ip=[:::172.245.45.20]: 4 Time(s)
Maximum connection limit reached for :::172.245.45.20: 509 Time(s)
 
 -- POP-3 End -



Whereas dovecot is only reporting:

- Dovecot Begin 

 
 
 Dovecot disconnects:

Inactivity: 1 Time(s)
Logged out: 379 Time(s)
no auth attempts: 5 Time(s)
no reason: 1 Time(s)
tried to use disabled plaintext auth: 1 Time(s)
 
 **Unmatched Entries**

dovecot: dict: mysql: Connected to localhost (postfix): 351 Time(s)
 
 -- Dovecot End -



How can I get more detailed user activity reporting to logwatch?

And why is connection to mysql under Unmatched Entries?