logcheck: Ignore failed proftpd logins with full mail address (not only account) for anonymous and ftp.

2 files changed, 3 insertions, 5 deletions

diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd
index 4f81df2..585b5d4 100644
--- a/logcheck/ignore.d.server/proftpd
+++ b/logcheck/ignore.d.server/proftpd
@@ -1,6 +1,6 @@
 proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - FTP session opened\.
-proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp) \(Login failed\): Can't find user\.
-proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp): no such user found from .*\[[\.[:digit:]]+\] to [\.[:digit:]]+
-proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - no such user '(anonymous|ftp)'
+proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\.
+proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.[:digit:]]+\] to [\.[:digit:]]+
+proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?'
 proftpd\[.*\]: connect from [\.[:digit:]]+
 proftpd\[.*\]: No certificate files found!
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 2bfdb2b..e6e8631 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -22,8 +22,6 @@ ntpd\[.*\]: synchronisation lost
 ntpd\[.*\]: time reset [\.[:digit:]-]* .
 ntpd\[.*\]: time reset [\.[:digit:]-]+ s
 portsentry\[.*\]: attackalert: .*
-proftpd\[.*\]: .* \(.*\) - USER anonymous@ftp.microsoft.com: no such user found from .*
-proftpd\[.*\]: .* \(.*\) - no such user 'anonymous@ftp.microsoft.com'
 pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 smbd\[.*\]:   read_socket_data: recv failure for 4. Error = No route to host
 smbd\[.*\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !