diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2002-12-13 15:22:12 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2002-12-13 15:22:12 +0000 |
| commit | b1e2ba246cd4bb938a0feb648215d56e171e8d8a (patch) | |
| tree | e8d7cfd56240e7ae931bbc512bd31f16b6878c82 | |
| parent | a74062af84ee163557400013a260e11b5e3d8521 (diff) | |
Misc additions.
| -rw-r--r-- | logcheck/ignore.d.server/local | 2 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/squid | 2 | ||||
| -rw-r--r-- | logcheck/ignore.d.workstation/local | 2 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/local | 25 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 25 |
5 files changed, 31 insertions, 25 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index 3f94c87..b88afc0 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -272,7 +272,7 @@ squid\[[0-9]+\]: (access|store)LogRotate: Rotating(\.)?$ squid\[[0-9]+\]: NETDB state saved;$ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ '.*' processes squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log$ -squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer$ +squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer $ squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\.$ squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+' $ ### ignore.d.server/ssh diff --git a/logcheck/ignore.d.server/squid b/logcheck/ignore.d.server/squid index b7c2ca7..02eb068 100644 --- a/logcheck/ignore.d.server/squid +++ b/logcheck/ignore.d.server/squid @@ -5,6 +5,6 @@ squid\[[0-9]+\]: (access|store)LogRotate: Rotating(\.)?$ squid\[[0-9]+\]: NETDB state saved;$ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ '.*' processes squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log$ -squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer$ +squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer $ squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\.$ squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+' $ diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local index 4a58840..46a0600 100644 --- a/logcheck/ignore.d.workstation/local +++ b/logcheck/ignore.d.workstation/local @@ -272,7 +272,7 @@ squid\[[0-9]+\]: (access|store)LogRotate: Rotating(\.)?$ squid\[[0-9]+\]: NETDB state saved;$ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ '.*' processes squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log$ -squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer$ +squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer $ squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\.$ squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+' $ ### ignore.d.server/ssh diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 898417f..d41ab11 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -38,24 +38,27 @@ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $ pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$ ### violations.ignore.d/postfix postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ -postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\) +postfix/(qmgr|smtp)\[[0-9]+\]: [^\(]+ status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ -postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^"]+"\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+ said: 550 .* (User unknown; rejecting|Relaying denied|Access denied\.|unknown or illegal alias: [^[:space:]]+|Recipient address rejected: This user does not have an account here \(MTA:imta15\))\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see .*\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+ said: 571 <>\.\.\. denied\) -postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 450 <[^[:space:]>]+>: (Recipient address rejected: Recipient mailbox is full|Sender address rejected: Domain not found)\) -postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\) -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]>]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(bad host/domain syntax: "[^"]+"\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 550 [^\)]+ (Access denied|Recipient address rejected|Relaying denied|Sender Not Authorised|unknown or illegal alias|User unknown; rejecting)[^\)]*\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see [^\)]+\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 553 sorry, your envelope sender has been denied [^\)]+\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 571 <>\.\.\. denied\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 450 <[^[:space:]>]+>: (Recipient address rejected: Recipient mailbox is full|Sender address rejected: Domain not found)\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^[:space:]>]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^[:space:]>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index 52e940e..cc9f663 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -1,22 +1,25 @@ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ -postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\) +postfix/(qmgr|smtp)\[[0-9]+\]: [^\(]+ status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ -postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^"]+"\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+ said: 550 .* (User unknown; rejecting|Relaying denied|Access denied\.|unknown or illegal alias: [^[:space:]]+|Recipient address rejected: This user does not have an account here \(MTA:imta15\))\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see .*\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\) -postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+ said: 571 <>\.\.\. denied\) -postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 450 <[^[:space:]>]+>: (Recipient address rejected: Recipient mailbox is full|Sender address rejected: Domain not found)\) -postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\) -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]>]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(bad host/domain syntax: "[^"]+"\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 550 [^\)]+ (Access denied|Recipient address rejected|Relaying denied|Sender Not Authorised|unknown or illegal alias|User unknown; rejecting)[^\)]*\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see [^\)]+\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 553 sorry, your envelope sender has been denied [^\)]+\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 571 <>\.\.\. denied\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 450 <[^[:space:]>]+>: (Recipient address rejected: Recipient mailbox is full|Sender address rejected: Domain not found)\)$ +postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^[:space:]>]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^[:space:]>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> |