authorJonas Smedegaard <dr@jones.dk>2002-12-09 02:22:10 +0000
committerJonas Smedegaard <dr@jones.dk>2002-12-09 02:22:10 +0000
commite47677a22d275b3141ed52985c08229f15abf1f9 (patch)
treea594356123c765a1dcaea5cff3910071583d47e0
parent6c3fedb854898f1a320e31d3ec3b12a4f2755598 (diff)
Misc cleanup...
-rw-r--r--logcheck/ignore.d.server/hylafax-server2
-rw-r--r--logcheck/ignore.d.server/local17
-rw-r--r--logcheck/ignore.d.server/misc3
-rw-r--r--logcheck/ignore.d.server/nagios2
-rw-r--r--logcheck/ignore.d.server/proftpd10
-rw-r--r--logcheck/ignore.d.workstation/local17
-rw-r--r--logcheck/violations.ignore.d/local1
-rw-r--r--logcheck/violations.ignore.d/postfix1
8 files changed, 29 insertions, 24 deletions
diff --git a/logcheck/ignore.d.server/hylafax-server b/logcheck/ignore.d.server/hylafax-server
index 11821d8..dedf0fa 100644
--- a/logcheck/ignore.d.server/hylafax-server
+++ b/logcheck/ignore.d.server/hylafax-server
@@ -4,7 +4,7 @@ FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF,
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 5bf1123..387742c 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -112,7 +112,7 @@ FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF,
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
@@ -138,7 +138,8 @@ dhcpd.*: fallback_discard: Connection refused
kernel: isdn_net: call from [,0-9]+ -> [0-9]+$
kernel: isdn_net: Service-Indicator not [0-9], ignored$
# This one shows up with firewalls blocking SMB ports non-silently
-kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:(137|138) .*:(137|138) L=[0-9]+ S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
+kernel: Packet log: input DENY .*:(137|138) .*:(137|138) .*$
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=(13[789]|445) .*$
### ignore.d.server/murasaki
murasaki\.usb\[[0-9]+\]: found depended module="[[:alnum:]]+"$
murasaki\.(usb|net)\[[0-9]+\]: try expanding "\[net\]"$
@@ -149,7 +150,7 @@ murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]$
murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+$
### ignore.d.server/nagios
nagios: Auto-save of retention data completed successfully\. $
-nagios: LOG ROTATION: DAILY$
+nagios: LOG ROTATION: DAILY $
### ignore.d.server/netatalk.changes
afpd\[[0-9]+\]: ([^[:space:]:]+: E:AFPDaemon: )?afp_alarm: child timed out$
afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?Connection terminated$
@@ -241,12 +242,12 @@ chat\[[0-9]+\]: OK$
chat\[[0-9]+\]: send \(\\d\)$
### ignore.d.server/proftpd
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21 $
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $
-proftpd\[[0-9]+\]: connect from [\.0-9]+$
-proftpd\[[0-9]+\]: No certificate files found!$
-proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\.$
+proftpd\[[0-9]+\]: connect from [\.0-9]+ $
+proftpd\[[0-9]+\]: No certificate files found! $
+proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $
### ignore.d.server/rpld
rpld\[[0-9]+\]: client [:a-f0-9]+ requested block [\.0-9]+$
### ignore.d.server/samba
diff --git a/logcheck/ignore.d.server/misc b/logcheck/ignore.d.server/misc
index 2f37753..5d2ec5d 100644
--- a/logcheck/ignore.d.server/misc
+++ b/logcheck/ignore.d.server/misc
@@ -7,4 +7,5 @@ dhcpd.*: fallback_discard: Connection refused
kernel: isdn_net: call from [,0-9]+ -> [0-9]+$
kernel: isdn_net: Service-Indicator not [0-9], ignored$
# This one shows up with firewalls blocking SMB ports non-silently
-kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:(137|138) .*:(137|138) L=[0-9]+ S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
+kernel: Packet log: input DENY .*:(137|138) .*:(137|138) .*$
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=(13[789]|445) .*$
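Review bot: The added Shorewall rule ignores a dropped packet when either port matches, because of `(SPT|DPT)=`, and the source port is set by the sender. A drop on any destination port is therefore filtered out of the report whenever the packet came from source port 137-139 or 445. Matching only the destination keeps the noise reduction without that blind spot: `kernel: Shorewall:net2all:DROP:.* DPT=(13[789]|445) .*$`. The comment above the rules still says "This one" although it now covers two. The same two lines are added in ignore.d.server/local and ignore.d.workstation/local, which look like concatenated copies of the per-package files.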
diff --git a/logcheck/ignore.d.server/nagios b/logcheck/ignore.d.server/nagios
index 2ab0696..248f54c 100644
--- a/logcheck/ignore.d.server/nagios
+++ b/logcheck/ignore.d.server/nagios
@@ -1,2 +1,2 @@
nagios: Auto-save of retention data completed successfully\. $
-nagios: LOG ROTATION: DAILY$
+nagios: LOG ROTATION: DAILY $
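Review bot: The rule now depends on a single trailing space before `$`, which is invisible in review and is removed by any editor that strips trailing whitespace, after which the rule silently stops matching. `nagios: LOG ROTATION: DAILY[[:space:]]*$` matches with or without the space. The proftpd rules changed in this commit carry the same dependency, as do the copies of both in the two `local` files.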
diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd
index 5cf9ea5..500221c 100644
--- a/logcheck/ignore.d.server/proftpd
+++ b/logcheck/ignore.d.server/proftpd
@@ -1,7 +1,7 @@
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21 $
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $
-proftpd\[[0-9]+\]: connect from [\.0-9]+$
-proftpd\[[0-9]+\]: No certificate files found!$
-proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\.$
+proftpd\[[0-9]+\]: connect from [\.0-9]+ $
+proftpd\[[0-9]+\]: No certificate files found! $
+proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $
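Review bot: The `Refused PORT` rule on the last added line still cannot match a real log line, assuming the message carries the same `host (client[ip])` prefix as the sibling rules. Its parentheses are unescaped, so `([^[:space:]\[]+\[[\.0-9]\])` and `(address mismatch)` are regex groups rather than literal brackets, and `[\.0-9]` lacks the `+` the other rules have. The commit only appends the trailing space. Written like its siblings it would be `proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - Refused PORT.* \(address mismatch\)\. $`. The dead rule fails safe, since the message keeps being reported, and the same line appears in both `local` files.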
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 6687729..cc74598 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -112,7 +112,7 @@ FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF,
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
@@ -138,7 +138,8 @@ dhcpd.*: fallback_discard: Connection refused
kernel: isdn_net: call from [,0-9]+ -> [0-9]+$
kernel: isdn_net: Service-Indicator not [0-9], ignored$
# This one shows up with firewalls blocking SMB ports non-silently
-kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:(137|138) .*:(137|138) L=[0-9]+ S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
+kernel: Packet log: input DENY .*:(137|138) .*:(137|138) .*$
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=(13[789]|445) .*$
### ignore.d.server/murasaki
murasaki\.usb\[[0-9]+\]: found depended module="[[:alnum:]]+"$
murasaki\.(usb|net)\[[0-9]+\]: try expanding "\[net\]"$
@@ -149,7 +150,7 @@ murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]$
murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+$
### ignore.d.server/nagios
nagios: Auto-save of retention data completed successfully\. $
-nagios: LOG ROTATION: DAILY$
+nagios: LOG ROTATION: DAILY $
### ignore.d.server/netatalk.changes
afpd\[[0-9]+\]: ([^[:space:]:]+: E:AFPDaemon: )?afp_alarm: child timed out$
afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?Connection terminated$
@@ -241,12 +242,12 @@ chat\[[0-9]+\]: OK$
chat\[[0-9]+\]: send \(\\d\)$
### ignore.d.server/proftpd
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21 $
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $
-proftpd\[[0-9]+\]: connect from [\.0-9]+$
-proftpd\[[0-9]+\]: No certificate files found!$
-proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\.$
+proftpd\[[0-9]+\]: connect from [\.0-9]+ $
+proftpd\[[0-9]+\]: No certificate files found! $
+proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $
### ignore.d.server/rpld
rpld\[[0-9]+\]: client [:a-f0-9]+ requested block [\.0-9]+$
### ignore.d.server/samba
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 39602a0..31b000d 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -50,6 +50,7 @@ postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 450 <[^[:s
postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)
postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]>]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$
postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: Sender address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index ebf0399..8388e47 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -12,6 +12,7 @@ postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 450 <[^[:s
postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)
postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]>]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$
postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: Sender address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$