diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2005-12-13 00:20:56 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2005-12-13 00:20:56 +0000 |
| commit | 4588e6f001f666c498b14e0c6a0c2fc490b2332e (patch) | |
| tree | 2ebdafee3f13c474197f5cd8416d9e99886ba9cc | |
| parent | 4c4497c0be794cc6b8d8b33a60e5fad949a5432f (diff) | |
Fix temporary ignoring amavis unzipping specific broken file (hopefully for real this time).
| -rw-r--r-- | logcheck/ignore.d.server/local | 15 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/tmp | 1 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/local | 2 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/temp | 2 |
4 files changed, 9 insertions, 11 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index 9abe2ab..db7960a 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -64,13 +64,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: bound to [\.0-9]+ -- renewal in [0-9]+ seconds\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: irda0: unknown hardware address type 783$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ (\(non-rfc1048)\) ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+ ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ ?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\. ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Abandoning IP address [\.0-9]+: pinged before offer ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: BOOTREQUEST from [0-9a-f:]+ ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+( \([^\)]+\))? via eth[0-9]+ ?$ @@ -83,6 +76,13 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: accepting packet with data after udp payload. ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ip length 576 disagrees with bytes received 590. ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ (\(non-rfc1048)\) ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+ ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ ?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\. ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]] does not exist\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: Pingning af.* mislykkedes, deaktiver terminal! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: \(child [0-9]+\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*$ @@ -308,7 +308,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: warning - MIME::Parser error: .* -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/amavis-[0-9T-]+/parts/part-00003$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ -- MARK -- $ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck\) $ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for illegal user [^[:space:]]+ from [.0-9]+ port [0-9]+ ssh2$ diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp index 7a13866..b2dc9e0 100644 --- a/logcheck/ignore.d.server/tmp +++ b/logcheck/ignore.d.server/tmp @@ -57,7 +57,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\. ## amavis ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: warning - MIME::Parser error: .* -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/amavis-[0-9T-]+/parts/part-00003$ ## Misc entries on Gibraltar (using older logcheck and syslog...) ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ -- MARK -- $ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck\) $ diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 4c4e2f7..44d295d 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -102,4 +102,4 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED [^[:space:]]+ to [^[:space:]]+:143 as [^[:space:]]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=[^[:space:]]*)?( auth=[^[:space:]]*)? host=([^[:space:]]* )?\[[^[:space:]]+\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mod_auth_shadow: VALIDATE: user: [^[:space:]]+, Authentication failure$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([-0-9]+\) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/amavis-[-0-9]+/parts/part-00003$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/amavis-[0-9T-]+/parts/part-00003$ diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp index 01795ac..90662ae 100644 --- a/logcheck/violations.ignore.d/temp +++ b/logcheck/violations.ignore.d/temp @@ -30,4 +30,4 @@ #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_unix\) (authentication failure|2 more authentication failures); logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.251.(69|74) user=sm$ #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: PAM: Authentication failure for sm from 81.19.251.(69|74)$ #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed (keyboard-interactive/pam|password) for sm from ::ffff:81.19.251.(69|74) port [[:digit:]]+ ssh2$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([-0-9]+\) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/amavis-[-0-9]+/parts/part-00003$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/amavis-[0-9T-]+/parts/part-00003$ |