author: Jonas Smedegaard <dr@jones.dk> 2002-10-23 17:17:13 +0000
committer: Jonas Smedegaard <dr@jones.dk> 2002-10-23 17:17:13 +0000
commit: dddec7a12123924793fd2c204ed308d3c50a9b2d
tree: 9ef5f058147d440215a00a4f6ff7b7324f7c612f /logcheck/ignore.d.server/tmp
parent: 9f3c51e3aa40910e103368b309a7775cd7518cf0

Major logcheck overhaul:

* Split local into files by related packages
* Rename remaining local to misc
* Split language-specific (only da_DK) into package.lang
* Sync with entries provided by packages themselves
* Rename some files overriding (not add) to package.changes
* Replace [[:digit:]] with the shorter [0-9] everywhere
* Replace most .* to more specific alternatives everywhere

Diffstat (limited to 'logcheck/ignore.d.server/tmp')
-rw-r--r-- logcheck/ignore.d.server/tmp | 42
1 files changed, 29 insertions, 13 deletions
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index c7e66a7..39883bd 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -1,39 +1,58 @@
+## imp
IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
+## libpam-modules
PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
+# old-style pam entries (no longer provided by logcheck but needed on woody
+PAM_.*: .* session (opened|closed) for user .*
+## netatalk
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
afpd\[[0-9]+\]: bad function 7A
atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
+## hylafax-server
FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
gnome-name-server\[[0-9]+\]: server_is_alive: .*
+## uw-imap
i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
-ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[[:digit:]], fd: 12
-kernel: Disorder[[:digit:]] [[:digit:]] [[:digit:]] f[[:digit:]] s[[:digit:]] rr[[:digit:]]
+## ppp
+ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[0-9], fd: 12
+## misc
+kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
-kernel: OPEN: [\.[:digit:]]* -> [\.[:digit:]]* UDP, port: [[:digit:]]* -> [[:digit:]]*
+kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
-kernel: lp[[:digit:]]: compatibility mode
+kernel: lp[0-9]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
+printer: offline or intervention needed
+## ntp-simple
ntpd\[[0-9]+\]: synchronisation lost
ntpd\[[0-9]+\]: synchronisation lost
-ntpd\[[0-9]+\]: time reset [\.[:digit:]-]* .
-ntpd\[[0-9]+\]: time reset [\.[:digit:]-]+ s
+ntpd\[[0-9]+\]: time reset [\.0-9-]* .
+ntpd\[[0-9]+\]: time reset [\.0-9-]+ s
+## portsentry
portsentry\[[0-9]+\]: attackalert: .*
+## pump
pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
+## samba
smbd\[[0-9]+\]: read_socket_data: recv failure for 4. Error = No route to host
smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
+smbd\[[0-9]+\]: \[[/[0-9]]+ [:[0-9]]+, 0\] smbd/service.c:find_service\([0-9]+\)
smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
-smbd\[[0-9]+\]: \[.*\] smbd/connection.c:yield_connection\([[:digit:]]+\)
-smbd\[[0-9]+\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\)
+smbd\[[0-9]+\]: \[.*\] smbd/connection.c:yield_connection\([0-9]+\)
+smbd\[[0-9]+\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([0-9]+\)
sshd\[[0-9]+\]: Failed password for .*
sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096
+## dhcp
dhcpd-2.2.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71)
dhcpd-2.2.x: No applicable record for BOOTP host (00:20:6b:18:20:35|08:00:86:11:2b:71)
+## postfix
postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
-postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.[:digit:]]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
+postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
+
rpc.mountd: authenticated mount request from .* for .*
+## snort
snort: .*FrontPage
snort: IDS015 - RPC - portmap-request-status:
snort: IDS029 - SCAN-Possible Queso Fingerprint attempt:
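Review bot: The added find_service rule in the samba block writes `[/[0-9]]+` and `[:[0-9]]+` as if bracket expressions could nest, but each one ends at its first `]`, so the rule requires a single character from the set followed by one or more literal `]` and will not match the bracketed date and time it presumably targets (the neighbouring smbd rules accept that field with `\[.*\]`). Suggest `\[[/0-9]+ [:0-9]+, 0\] smbd/service\.c:find_service\([0-9]+\)`, which also escapes the dot in the file name. Separately, the relocated `# old-style pam entries (no longer provided by logcheck but needed on woody` comment still opens a parenthesis it never closes.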
@@ -54,10 +73,7 @@ snort: spp_portscan: PORTSCAN DETECTED
snort: spp_portscan: portscan status from
snort: WEB-../..:
snort: WEB-CGI-upload.pl:
+## postgres
postgres\[[0-9]+\]: \[.*\] DEBUG:
postgres\[[0-9]+\]: \[[0-9-]*\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
-printer: offline or intervention needed
-#old-style pam entries (no longer provided by logcheck but needed on woody
-PAM_.*: .* session opened for user .*
-PAM_.*: .* session closed for user .*
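Review bot: Under the new `## postgres` header, the first rule `postgres\[[0-9]+\]: \[.*\] DEBUG:` still uses `\[.*\]` while the two rules after it already use `\[[0-9-]*\]` for the same field. Since the commit message says most `.*` were replaced with more specific alternatives, tightening this one to `\[[0-9-]*\] DEBUG:` would keep the block consistent and stop the rule from ignoring lines where arbitrary bracketed text precedes `DEBUG:`.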