summaryrefslogtreecommitdiff
path: root/logcheck/ignore.d.server
diff options
context:
space:
mode:
authorJonas Smedegaard <dr@jones.dk>2013-01-30 10:29:51 +0100
committerJonas Smedegaard <dr@jones.dk>2013-01-30 10:30:11 +0100
commite25e815689670be2b13c8c193a774c19f54a3e8a (patch)
tree842d3a964d4d742e45451bcbf3577f38b62087a5 /logcheck/ignore.d.server
parent592fdbc6b3c9105274e3a4c09c5614b58559f833 (diff)
Add some logcheck rules for dovecot lda, amavisd-new and postfix.
Diffstat (limited to 'logcheck/ignore.d.server')
-rw-r--r--logcheck/ignore.d.server/dovecot1
-rw-r--r--logcheck/ignore.d.server/postfix5
2 files changed, 4 insertions, 2 deletions
diff --git a/logcheck/ignore.d.server/dovecot b/logcheck/ignore.d.server/dovecot
index ef74262..37003fe 100644
--- a/logcheck/ignore.d.server/dovecot
+++ b/logcheck/ignore.d.server/dovecot
@@ -1,2 +1,3 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: IMAP\([^[:space:]]*\): Connection closed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: lda\([^[:space:]]*\): sieve: msgid=<[^[:space:]]*>: stored mail into mailbox '[^']*'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap-login: Aborted login \(3 authentication attempts\): user=<[^[:space:]]*>, method=LOGIN, rip=127\.0\.0\.1, lip=127\.0\.0\.1, secured$
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index 57da305..43a0396 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -18,7 +18,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix(/submission)?/smtpd?\[[0-9]+\]: (Anonymous)? TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$
#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: cert has expired$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$
@@ -26,12 +26,13 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix(/submission)?/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from [^[:space:]]+\[[\.0-9]+\]: 0
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1\.c:100:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr\.c:1833:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:xdigit:]]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/submission/smtpd\[[0-9]+\]: [[:xdigit:]]+: client=[^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$