diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2006-01-23 09:44:53 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2006-01-23 09:44:53 +0000 |
| commit | b53a0e4d87be2e2a98d1ae7cc0fdb4f0e231eb9f (patch) | |
| tree | 740f5cdbb63fdccd8548cc548044f80c45b20be6 /logcheck | |
| parent | 44ee48e55371b91aa612c277938860c29757ceb9 (diff) | |
Ignore another expression of refusing to talk smtp with us.
Diffstat (limited to 'logcheck')
| -rw-r--r-- | logcheck/ignore.d.server/local | 14 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/local | 2 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 2 |
3 files changed, 9 insertions, 9 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index deebc82..5bf1043 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -63,13 +63,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: bound to [\.0-9]+ -- renewal in [0-9]+ seconds\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: irda0: unknown hardware address type 783$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ (\(non-rfc1048)\) ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+ ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\. ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Abandoning IP address [\.0-9]+: pinged before offer ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: BOOTREQUEST from [0-9a-f:]+ ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+( \([^\)]+\))? via eth[0-9]+ ?$ @@ -82,6 +75,13 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: accepting packet with data after udp payload. ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ip length 576 disagrees with bytes received 590. ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ (\(non-rfc1048)\) ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+ ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\. ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]] does not exist\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: Pingning af.* mislykkedes, deaktiver terminal! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: \(child [0-9]+\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*$ diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index c5494f6..6f79bcf 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -48,7 +48,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?421 Fork failed +\(port 25\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?450 <[^[:space:]]+>: Client host rejected: may not be mail exchanger +\(port 25\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?521 [^[:space:]]+ access denied +\(port 25\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: (Blocked|Use an authorized relay)|[\.0-9]+, Sorry access denied to you|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)) +\(port 25\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: (Blocked|Use an authorized relay)|[\.0-9]+, Sorry access denied to you|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)|This system is configured to reject mail from [^[:space:]]+ \[[\.0-9]+\] \(Host blacklisted - Found on Realtime Black List server '[^[:space:]]+'\)) +\(port 25\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?554 (([\.0-9]+ )?<[^[:space:]]+>: Client host rejected: (Access denied|No mail accepted from you|Reject Dynamic ip|spam source)|Unwelcome connection rejected\.|#5\.5\.4 Relaying denied\. IP name lookup failed for [\.0-9]+) +\(port 25\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [^[:space:]]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm\)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\))$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [^[:space:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\)|554 <[^[:space:]]+\[[\.0-9]+\]>: Client host rejected: No mail accepted from you)$ diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index e89a267..25fd193 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -18,7 +18,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?421 Fork failed +\(port 25\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?450 <[^[:space:]]+>: Client host rejected: may not be mail exchanger +\(port 25\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?521 [^[:space:]]+ access denied +\(port 25\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: (Blocked|Use an authorized relay)|[\.0-9]+, Sorry access denied to you|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)) +\(port 25\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: (Blocked|Use an authorized relay)|[\.0-9]+, Sorry access denied to you|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)|This system is configured to reject mail from [^[:space:]]+ \[[\.0-9]+\] \(Host blacklisted - Found on Realtime Black List server '[^[:space:]]+'\)) +\(port 25\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?554 (([\.0-9]+ )?<[^[:space:]]+>: Client host rejected: (Access denied|No mail accepted from you|Reject Dynamic ip|spam source)|Unwelcome connection rejected\.|#5\.5\.4 Relaying denied\. IP name lookup failed for [\.0-9]+) +\(port 25\)$ # Ignore blacklisting due to being dynamic - or without explaining/hinting at all ## Grr - could've been a single rule if only logcheck supported custom classes |