# this file is suitable for inclusion in the plug-in directory
# /usr/local/etc/log_analysis.d

# you don't really need this file because the functionality is already
# in the default config, but this illustrates how you can make your own 
# config.

# all configs should declare what version they were written with
config_version 0.3405

# we're extending the syslog type
logtype: syslog

# some data is worthless.  Throw it out.
pattern: qpopper: \(v[\d\.]+\) Unable to get canonical name of client,\ err = \d+
		dest:	SKIP
pattern: qpopper: Unable to obtain socket and address of client,\ err = \d+
		dest:	SKIP
pattern: qpopper: warning: can't verify hostname: gethostbyname\($host_pat\) failed
		dest:	SKIP
pattern: qpopper: (?:$mail_user_pat)?\@\[?$host_pat\]?: -ERR POP EOF received
		dest:	SKIP
pattern: qpopper: (?:$mail_user_pat)?\@\[?$host_pat\]?: -ERR POP hangup
		dest:	SKIP
pattern: qpopper: (?:$mail_user_pat)?\@\[?$host_pat\]?: -ERR POP timeout
		dest:	SKIP
pattern: qpopper: (?:$mail_user_pat)?\@\[?$host_pat\]?: -ERR SIGHUP or SIGPIPE flagged
		dest:	SKIP

# Let's do useful stuff with the rest:
pattern: qpopper: Stats: ($mail_user_pat)
		format:	$1
		dest:	qpopper: users checked mail
pattern: qpopper: apop \"($mail_user_pat)\"\s*
		format:	$1
		dest:	qpopper: user is using apop
pattern: qpopper: ($mail_user_pat)\@\[?($host_pat)\]?: -ERR (?:authentication failure|Password supplied for "$mail_user_pat" is incorrect|not authorized)
		format:	$1\@$2
		dest:	qpopper: authentication failure
pattern: qpopper: ($mail_user_pat)\@\[?($host_pat)\]?: -ERR You must use APOP to connect to this server
		format:	$1\@$2
		dest:	qpopper: should have used APOP