authorJonas Smedegaard <dr@jones.dk>2002-12-26 14:34:18 +0000
committerJonas Smedegaard <dr@jones.dk>2002-12-26 14:34:18 +0000
commita56cd9aff095c31a59213ab99995adac60921326 (patch)
tree001c30938dc2f10ffba238af618c69f0d576321b
parent4d5e01691573bcf0893fd5afef126eab6742a092 (diff)
Merging some dhcp lines. Adding a temporary line specific to tulle.haakansson.com.
-rw-r--r--logcheck/ignore.d.server/dhcp.changes8
-rw-r--r--logcheck/ignore.d.server/local11
-rw-r--r--logcheck/ignore.d.server/tmp3
-rw-r--r--logcheck/ignore.d.workstation/local11
-rw-r--r--logcheck/violations.ignore.d/local4
-rw-r--r--logcheck/violations.ignore.d/postfix4
6 files changed, 21 insertions, 20 deletions
diff --git a/logcheck/ignore.d.server/dhcp.changes b/logcheck/ignore.d.server/dhcp.changes
index 73dab6d..0e4b52e 100644
--- a/logcheck/ignore.d.server/dhcp.changes
+++ b/logcheck/ignore.d.server/dhcp.changes
@@ -1,10 +1,8 @@
# NB: dhcp3 entries are in dhcp3-common
dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) $
+dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ $
dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ $
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ via eth[0-9]+ $
dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ $
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ $
+dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) $
dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ $
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ $
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) $
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ $
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\.$
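Review bot: The merged `DHCP(DECLINE on|RELEASE of|REQUEST for)` rule makes the trailing `\((not )?found\)` mandatory, but the removed DHCPDECLINE and DHCPREQUEST rules ended directly in `via eth[0-9]+ $`, so those lines without the suffix are no longer ignored. Making the suffix optional keeps the old coverage: `... via eth[0-9]+( \((not )?found\))? $`. The `DHCPDISCOVER from .* via eth[0-9]+ $` rule is also dropped and the new `BOOT(DISCOVER|REQUEST)` alternation does not cover the `DHCPDISCOVER` prefix; if those messages still occur, restore a line such as `dhcpd-2.2.x: DHCPDISCOVER from [0-9a-f:]+ via eth[0-9]+ $` (tighter than the old `.*`, assuming only a MAC is logged there). The failure mode is extra routine DHCP lines in every report, which makes real events easier to overlook. The same applies to the identical hunks in ignore.d.server/local and ignore.d.workstation/local.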
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index d6697e1..73dfad2 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -74,14 +74,12 @@ dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
### ignore.d.server/dhcp.changes
# NB: dhcp3 entries are in dhcp3-common
dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) $
+dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ $
dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ $
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ via eth[0-9]+ $
dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ $
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ $
+dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) $
dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ $
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ $
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) $
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ $
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\.$
### ignore.d.server/dhcp3-common
dhcpd: Abandoning IP address [\.0-9]+: pinged before offer$
dhcpd: BOOTREQUEST from [0-9a-f:]+$
@@ -349,7 +347,8 @@ sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096
## postfix
postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
-
+## Tulle getting spammed
+tulle postfix/smtpd\[[0-9]+\]: too many errors after RCPT from unknown\[\.0-9]+[\]
rpc.mountd: authenticated mount request from .* for .*
## snort
snort: .*FrontPage
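Review bot: The new tulle rule has misplaced brackets and will not match the intended log line: in `unknown\[\.0-9]+[\]` the character class is never opened, so the pattern expects the literal text `.0-9`, one or more `]`, and then a backslash. The intended form is presumably `unknown\[[\.0-9]+\]$`. The commit message calls the rule temporary, so a comment stating when it should be removed would help, e.g. `## Tulle getting spammed (temporary, remove once the spam run stops)`. Repeated RCPT errors from unresolved hosts are also a typical sign of address probing, so this should not stay suppressed indefinitely. The same line is added in ignore.d.server/tmp and ignore.d.workstation/local.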
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 5bb7d2e..12eb9e9 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -54,7 +54,8 @@ sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096
## postfix
postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
-
+## Tulle getting spammed
+tulle postfix/smtpd\[[0-9]+\]: too many errors after RCPT from unknown\[\.0-9]+[\]
rpc.mountd: authenticated mount request from .* for .*
## snort
snort: .*FrontPage
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index d37a673..e25e235 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -74,14 +74,12 @@ dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
### ignore.d.server/dhcp.changes
# NB: dhcp3 entries are in dhcp3-common
dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) $
+dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ $
dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ $
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ via eth[0-9]+ $
dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ $
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ $
+dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) $
dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ $
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ $
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) $
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ $
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\.$
### ignore.d.server/dhcp3-common
dhcpd: Abandoning IP address [\.0-9]+: pinged before offer$
dhcpd: BOOTREQUEST from [0-9a-f:]+$
@@ -349,7 +347,8 @@ sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096
## postfix
postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
-
+## Tulle getting spammed
+tulle postfix/smtpd\[[0-9]+\]: too many errors after RCPT from unknown\[\.0-9]+[\]
rpc.mountd: authenticated mount request from .* for .*
## snort
snort: .*FrontPage
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index c80a150..7bb5054 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -40,11 +40,13 @@ pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sle
postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
postfix/(qmgr|smtp)\[[0-9]+\]: [^\(]+ status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$
postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$
+postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$
postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(bad host/domain syntax: "[^"]+"\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$
+postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 504 <[^>]+>: Sender address rejected: need fully-qualified address$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 550 [^\)]+ (Access denied|Recipient address rejected|Relaying denied|Sender Not Authorised|unknown or illegal alias|User unknown; rejecting)[^\)]*\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see [^\)]+\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 553 sorry, your envelope sender has been denied [^\)]+\)$
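Review bot: The added `504 ... Sender address rejected: need fully-qualified address$` rule opens `\(host` but never matches the closing parenthesis, whereas every neighbouring `status=bounced` rule ends in `\)$`. If the logged line ends with `)` as those do, the `$` anchor can never match and the rule is dead; ending it with `need fully-qualified address\)$` would fix that. Because this file filters the violations section, it is worth checking each new rule against a real log sample before relying on it. The same line is added in violations.ignore.d/postfix.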
@@ -55,7 +57,7 @@ postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Tr
postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
-postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected: Invalid (ip address|name); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 6f74a4b..e299db0 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -1,11 +1,13 @@
postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
postfix/(qmgr|smtp)\[[0-9]+\]: [^\(]+ status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$
postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$
+postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$
postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(bad host/domain syntax: "[^"]+"\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$
+postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 504 <[^>]+>: Sender address rejected: need fully-qualified address$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 550 [^\)]+ (Access denied|Recipient address rejected|Relaying denied|Sender Not Authorised|unknown or illegal alias|User unknown; rejecting)[^\)]*\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see [^\)]+\)$
postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 553 sorry, your envelope sender has been denied [^\)]+\)$
@@ -16,7 +18,7 @@ postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Tr
postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
-postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected: Invalid (ip address|name); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$