author | Jonas Smedegaard <dr@jones.dk> | 2002-03-18 22:04:06 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2002-03-18 22:04:06 +0000 |
commit | 19b2c6c5f3313311ec5cb6c4017a0f338af1a926 (patch) | |
tree | ecb3998d5a41086e3d3c674a9db20c30a24ec817 | |
parent | 3e7293dc60053c7a788f8f617fc504de8a2c0179 (diff) |
logcheck: Several misc. updates.
-rw-r--r-- | logcheck/ignore.d.server/tmp | 26 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/dhcp-client | 16 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/gdm | 1 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/local | 2 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/temp | 3 |
5 files changed, 29 insertions, 19 deletions
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 8406246..009a3d0 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -34,17 +34,25 @@ sshd\[.*\]: packet_set_maxsize: setting to 4096
 dhcpd-2.2.x: BOOTREQUEST from 00:20:6b:18:20:35
 dhcpd-2.2.x: No applicable record for BOOTP host 00:20:6b:18:20:35
 postfix.*\[.*\]: .* from=<groove@mailomat.grooveattack.com>
-snort: spp_http_decode: IIS Unicode attack detected:
-snort: IIS-
 snort: FrontPage-
-snort: spp_portscan: portscan status from
-snort: IDS246 - MISC - Large ICMP Packet:
-snort: NETBIOS-SMB-C:
-snort: NETBIOS-SMB-CD...:
-snort: WEB-../..:
-snort: spp_portscan: PORTSCAN DETECTED
-snort: spp_portscan: End of portscan
+snort: IDS015 - RPC - portmap-request-status:
 snort: IDS029 - SCAN-Possible Queso Fingerprint attempt:
+snort: IDS115 - MISC-Traceroute-UDP:
+snort: IDS212 - MISC - DNS Zone Transfer:
 snort: IDS226 - CVE-1999-0172 - CGI-formmail:
+snort: IDS246 - MISC - Large ICMP Packet:
+snort: IIS-
 snort: MISC-Attempted Sun RPC high port access:
+snort: NETBIOS-SMB-C:
+snort: NETBIOS-SMB-CD...:
+snort: NMAP TCP ping!:
+snort: RPC Info Query:
 snort: SCAN-SYN FIN:
+snort: spp_http_decode: IIS Unicode attack detected:
+snort: spp_portscan: End of portscan
+snort: spp_portscan: PORTSCAN DETECTED
+snort: spp_portscan: portscan status from
+snort: WEB-../..:
+snort: WEB-CGI-upload.pl:
+postgres\[.*\]: \[.*\] DEBUG:
+postgres\[.*\]: \[[:digit:]-\] ^ITotal CPU .* sec elapsed .* sec\.
diff --git a/logcheck/ignore.d.workstation/dhcp-client b/logcheck/ignore.d.workstation/dhcp-client
index ce74045..d76233b 100644
--- a/logcheck/ignore.d.workstation/dhcp-client
+++ b/logcheck/ignore.d.workstation/dhcp-client
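Review bot: The added `snort:` entries silence entire IDS signature classes (DNS zone transfer, NMAP TCP ping, RPC portmap/Info queries, WEB-CGI-upload.pl, Sun RPC high-port access) for every source host, and neither the regex list nor the commit message ("Several misc. updates") records why each one is considered noise. Because every pattern is unanchored, a short prefix like `snort: IIS-` also matches any line that merely contains that text, so each entry is broader than it reads. Narrowing the entries to the known-benign hosts that actually generate the noise would preserve the remaining alerts, but those hosts are not visible in this hunk and would have to come from the snort logs themselves; at minimum each line could be anchored to the syslog line start, for example (constructed) `^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ snort: IDS212 - MISC - DNS Zone Transfer:`. The two new `postgres\[.*\]: ... DEBUG:` lines have the same unanchored form and match any debug line regardless of its content.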
@@ -1,8 +1,8 @@
-dhclient-2.2.x: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [[:digit:]]+)?
-dhclient-2.2.x: No working leases in persistent database( - sleeping)?\.
-dhclient-2.2.x: Sleeping\.
-dhclient-2.2.x: No DHCPOFFERS received\.
-dhclient-2.2.x: DHCP(ACK|OFFER) from [\.[:digit:]]+
-dhclient-2.2.x: bound to .* -- renewal in [[:digit:]]+ seconds\.
-dhclient-2.2.x: irda0: unknown hardware address type 783
-dhclient-2.2.x: receive_packet failed on eth[[:digit:]]: Network is down
+dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [[:digit:]]+)?
+dhclient(-2.2.x)?: No working leases in persistent database( - sleeping)?\.
+dhclient(-2.2.x)?: Sleeping\.
+dhclient(-2.2.x)?: No DHCPOFFERS received\.
+dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.[:digit:]]+
+dhclient(-2.2.x)?: bound to .* -- renewal in [[:digit:]]+ seconds\.
+dhclient(-2.2.x)?: irda0: unknown hardware address type 783
+dhclient(-2.2.x)?: receive_packet failed on eth[[:digit:]]: Network is down
diff --git a/logcheck/ignore.d.workstation/gdm b/logcheck/ignore.d.workstation/gdm
index fb094b8..1311d03 100644
--- a/logcheck/ignore.d.workstation/gdm
+++ b/logcheck/ignore.d.workstation/gdm
@@ -1 +1,2 @@
 gdm\[.*\]: run_pictures: Directory .* does not exist\.
+gdm\[.*\]: run_pictures: Mappen .* eksisterer ikke\.
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 192422e..dcec6f6 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -7,4 +7,4 @@ gconfd \(.*\): Exiting
 named\[.*\]: .*: query\(.*\) NS points to CNAME \(.*\)
 named\[.*\]: NSTATS [[:digit:]]+ [[:digit:]]+
 named\[.*\]: .* All possible .* lame
-named[183]: ns_forw: sendto.*: Network is unreachable
+named\[.*\]: ns_forw: sendto.*: Network is unreachable
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index a47f421..af8a7ef 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -16,5 +16,6 @@ sshd\[.*]: Failed password for .*
 pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 postfix/smtpd\[.*\]: reject: .*: 550 <.*>: User unknown; .*
 postfix/smtpd\[.*\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
-postfix.*\[.*\]: .* from=<groove@mailomat.grooveattack.com>
+postfix.*\[.*\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
 snort: spp_http_decode: IIS Unicode attack detected:
+postgres\[.*\]: \[.*\] DEBUG: |
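Review bot: The new `postgres\[.*\]: \[.*\] DEBUG:` entry in the violations ignore list hides every postgres debug line that reached this list, and as far as the violations lists work, the only lines that get here are ones already matching a violations keyword, so its sole effect is to suppress exactly the debug messages that mention a refusal, denial or similar. Dropping it from this file (routine postgres debug noise is handled by the matching entry added to ignore.d.server/tmp in this same commit) or restricting it to the specific debug message text that trips the keyword would keep those reports visible. The `refused@maila.com` change looks right by contrast: the keyword sits inside the sender address rather than describing an event, and the pattern is scoped to that one address.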