diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2004-08-26 13:37:10 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2004-08-26 13:37:10 +0000 |
| commit | f02157a8829f08c93c55a48d9badf0dd29faa088 (patch) | |
| tree | 1e272f438e7293aec27e746b9075233b2c8bef27 /logcheck/violations.ignore.d/temp | |
| parent | d33ce83d363ef4837be13ef166e2073df491a17f (diff) | |
Ignore afpd, not netatalk. Ignore too large postfix messages.
Diffstat (limited to 'logcheck/violations.ignore.d/temp')
| -rw-r--r-- | logcheck/violations.ignore.d/temp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp index 669ccc2..a217303 100644 --- a/logcheck/violations.ignore.d/temp +++ b/logcheck/violations.ignore.d/temp @@ -21,8 +21,8 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.* ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: .* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.* ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$ -# Failed logins is impossible to deal with here here anyway -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|netatalk|pop|samba)(\(pam_unix\))?\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$ +# Failed logins is impossible to deal with through logcheck anyway +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|pop|samba)(\(pam_unix\))?\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$ #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> [^[:space:]]+ for (imap|netatalk|pop|samba|ssh) service$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure$ |