diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2002-05-04 12:36:33 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2002-05-04 12:36:33 +0000 |
| commit | 97f216c94b2279b3219f0d13fc1a88fe9e80f2fe (patch) | |
| tree | ad08c0aa89471e4d2e9f8e8d9efa5ac380a1cc31 /logcheck/ignore.d.server | |
| parent | 313ff45f22424a4bb419d2c56800995446b5ea59 (diff) | |
logcheck: misc. updates.
Diffstat (limited to 'logcheck/ignore.d.server')
| -rw-r--r-- | logcheck/ignore.d.server/netatalk | 3 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/postfix | 7 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/ssh | 2 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/tmp | 4 |
4 files changed, 10 insertions, 6 deletions
diff --git a/logcheck/ignore.d.server/netatalk b/logcheck/ignore.d.server/netatalk new file mode 100644 index 0000000..c2b309f --- /dev/null +++ b/logcheck/ignore.d.server/netatalk @@ -0,0 +1,3 @@ +afpd\[[0-9]*\]: removed .*/net[\.0-9]*node[0-9]* +atalkd\[[0-9]*\]: .*: zip gnireply from [\.0-9]* \(.*\) +atalkd\[[0-9]*\]: .*: zip ignoring gnireply diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index 94eeb10..7a3076d 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix @@ -1,9 +1,10 @@ postfix.* table has changed -- exiting postfix/cleanup\[.*\]: warning: premature end-of-input from cleanup socket while reading input attribute name postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied -postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred \(connect to .*\[.*\]: (Connection refused|server refused mail service)\) -postfix/smtp\[.*\]: connect to .*\[.*\]: (Connection (refused|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\) -postfix/smtp\[.*\]: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.[:digit:]]+\] +postfix/qmgr\[.*\]: [A-Z0-9]+: skipped, still being delivered +postfix/smtp\[.*\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\) +postfix/smtp\[.*\]: connect to .*: (Connection (refused|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\) +postfix/smtp\[.*\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.[:digit:]]+\] postfix/smtp\[.*\]: warning: numeric domain name in resource data of MX record for .*: [\.[:digit:]]+ postfix/smtp\[.*\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record postfix/smtp\[.*\]: warning: host [\.[:alnum:]-]+\[[\.[:digit:]]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+ diff --git a/logcheck/ignore.d.server/ssh b/logcheck/ignore.d.server/ssh index db1462a..052ea30 100644 --- a/logcheck/ignore.d.server/ssh +++ b/logcheck/ignore.d.server/ssh @@ -4,4 +4,4 @@ sshd\[.*\]: Connection closed by .* sshd\[.*\]: Did not receive ident(ification)? string from [\.[:digit:]]+ sshd\[.*\]: scanned from [\.[:digit:]]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\. sshd\[.*\]: Disconnecting: Your ssh version is too old and is no longer supported\. Please install a newer version\. -sshd\[.*\]: Accepted keyboard-interactive for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2 +sshd\[.*\]: Accepted (keyboard-interactive|publickey) for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2 diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp index 1bbf56a..e124658 100644 --- a/logcheck/ignore.d.server/tmp +++ b/logcheck/ignore.d.server/tmp @@ -32,8 +32,8 @@ smbd\[.*\]: \[.*\] smbd/connection.c:yield_connection\([[:digit:]]+\) smbd\[.*\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\) sshd\[.*]: Failed password for .* sshd\[.*\]: packet_set_maxsize: setting to 4096 -dhcpd-2.2.x: BOOTREQUEST from 00:20:6b:18:20:35 -dhcpd-2.2.x: No applicable record for BOOTP host 00:20:6b:18:20:35 +dhcpd-2.2.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71) +dhcpd-2.2.x: No applicable record for BOOTP host (00:20:6b:18:20:35|08:00:86:11:2b:71) postfix.*\[.*\]: .* from=<groove@mailomat.grooveattack.com> snort: .*FrontPage snort: IDS015 - RPC - portmap-request-status: |