Logwatch script for Cyrus and resulting questions

[Ken Murchison]

Sebastian Hagedorn wrote:

> Hi,
> 
> we're finally going live with our HA cluster based on RedHat AS 2.1. It 
> took us almost two years to get the system stable, due mostly to 
> software issues in Linux. Now I'm doing some final preparation and as 
> part of that I'm creating a script for logwatch (see www.logwatch.org). 
> My script is for logwatch 4.3.1, but I guess it'll work with other 
> versions as well. I'll share the script once it's been in use for a few 
> days.
> 
> Does anybody else use logwatch with Cyrus? I'd be interested in what 
> others do ...

Not currently, but I'd be interested in your script.


> 
> Anyway, I've got a question as a result of the output:
> 
>   POP:
>     Number of logins: 184
>        ... using LOGIN: 61
>        ... using NTLM: 3
>        ... using APOP: 16
>        ... using plaintext+TLS: 68
>        ... using CRAM-MD5: 14
>        ... using PLAIN: 22
> 
>   IMAP:
>     Number of logins: 182
>        ... using CRAM-MD5+TLS: 31
>        ... using PLAIN+TLS: 5
>        ... using NTLM: 2
>        ... using plaintext+TLS: 31
>        ... using CRAM-MD5: 97
>        ... using plain+TLS: 3
>        ... using DIGEST-MD5: 13
> 
> I think I know what the difference between PLAIN and plain is (the first 
> is a proper SASL mechanism, the latter isn't), but what's plaintext and 
> why is it the only mechanism that doesn't log "User logged in"?

plaintext is the built-in authentication command: LOGIN for IMAP, 
USER/PASS for POP3 and NNTP.

I just updated CVS so that all successful authentications get logged in 
a consistent manner (imapd, pop3d, nntpd).

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp