Reading dovcot unmatched entries log

AthensMatt

Active Member
Mar 24, 2015
31
0
56
Athens
cPanel Access Level
Root Administrator
Good morning all,

I'm struggling to figure out what a log is telling me. I have a lot of unmatched entries similar to this example:
dovecot: imap(__cpanel__service__auth__imap__08_LONG_STRING_OF_ALPHANUMERICS_): Logged out in=11, out=434, bytes=11/434: 1 Time(s)

Obviously I changed the identifier to "LONG_STRING_OF_ALPHANUMERICS" because I'm not sure if it's safe to post it.

Is there a way to read this and identify which account or domain is creating this unmatched entries log??

Thanks,

Matt
 

gn0s1s

Member
Mar 2, 2016
17
1
78
Cambodia
cPanel Access Level
Root Administrator
While I love this check, it spams the Logwatch with unmatched entries and will definitely cause many system administrators to begin ignoring Logwatch entirely (which is a Bad Thing™). There have been patches out there which solve similar issues, so it shouldn't be impossible to make these Unmatched Entries go away. Any advice on how to do so would be appreciated, since it's cPanel's service that is generating the log spam.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello :)

There are no native features that will ignore access attempts from Chkservd at this time, but it's a good idea for a feature request:

Submit A Feature Request

Feel free to post the URL to the feature request once it's approved so others can vote and add their feedback to it.

Thank you.
 

gn0s1s

Member
Mar 2, 2016
17
1
78
Cambodia
cPanel Access Level
Root Administrator
Hello :)

There are no native features that will ignore access attempts from Chkservd at this time, but it's a good idea for a feature request:

Submit A Feature Request

Feel free to post the URL to the feature request once it's approved so others can vote and add their feedback to it.

Thank you.
I edited:
Code:
/etc/logwatch/conf/ignore.conf
To include the following:
Code:
dovecot: imap\(__cpanel__service__auth__imap__
ChkServd spam gone, for now. Solution found here, among others.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
I am happy to see you were able to find a suitable workaround. Thank you for updating us with the outcome.