authorJonas Smedegaard <dr@jones.dk>2001-09-27 19:53:14 +0000
committerJonas Smedegaard <dr@jones.dk>2001-09-27 19:53:14 +0000
commit89a55bee41d1426b8c0e7f9e04f344218cf4cdbe (patch)
treef306ebb19ce3d81a41eaa4ac0877a3180aefeb4f /logcheck
parenteda9b5a5ed1588098cecf8954e2f3d812717fca2 (diff)
logcheck: Filter out some noise.
Diffstat (limited to 'logcheck')
-rw-r--r--logcheck/ignore.d.server/local6
-rw-r--r--logcheck/ignore.d.server/tmp4
-rw-r--r--logcheck/violations.ignore.d/temp3
3 files changed, 11 insertions, 2 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 21d8da9..36825b6 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -77,9 +77,11 @@ postfix.* table has changed -- exiting
postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred \(connect to .*\[.*\]: (Connection refused|server refused mail service)\)
postfix/smtp\[.*\]: connect to .*\[.*\]: (Connection (refused|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
postfix/smtp\[.*\]: warning: numeric domain name in resource data of MX record for .*: [\.[:digit:]]+
-postfix/smtpd\[.*\]: (lost connection|timeout) after [^ ]+ from .*\[.*\]
+postfix/smtp\[.*\]: warning: no MX host for [\.[:anum:]]+ has a valid A record
+postfix/smtp\[.*\]: warning: host [\.[:anum:]]+\[[\.[:digit:]]+\] greeted me with my own hostname [\.[:anum:]]+
+postfix/smtpd\[.*\]: (lost connection|timeout) after [^ ]+ from [\.[:anum:]]+\[[\.[:digit:]]+\]
postfix/smtpd\[.*\]: warning: .*: address not listed for hostname .*
-postfix/smtpd\[.*\]: warning: .*: hostname .* verification failed: Host (name has no address|not found)
+postfix/smtpd\[.*\]: warning: .*: hostname [\.[:anum:]]+ verification failed: Host (name has no address|not found)
proftpd\[.*\]: .* \(.*\) - FTP session opened\.
proftpd\[.*\]: .* \(.*\) - USER (anonymous|ftp) \(Login failed\): Can't find user\.
smbd\[.*\]: read_socket_data: recv failure for 4\. Error = Connection reset by peer
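Review bot: `[:anum:]` in the four added postfix patterns is not a POSIX character class; the class is `[:alnum:]`. Depending on the egrep build, an unknown class name can make the pattern fail to compile, which may take the whole rule file down with it rather than just these lines, so the result is worth checking with `egrep -f` against a sample log. The same typo is in the added `Rejecting User [[:anum:]]+` rules in ignore.d.server/tmp and violations.ignore.d/temp. Once corrected, the tightened class still excludes hostnames containing `-`; `[-.[:alnum:]]+` would cover them.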
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 5376966..60b1292 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -9,10 +9,14 @@ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
kernel: OPEN: [\.[:digit:]]* -> [\.[:digit:]]* UDP, port: [[:digit:]]* -> [[:digit:]]*
kernel: Undo( partial)? (Hoe|loss|retrans)
kernel: Disorder[[:digit:]] [[:digit:]] [[:digit:]] f[[:digit:]] s[[:digit:]] rr[[:digit:]]
+kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
ntpd\[.*\]: synchronisation lost
ntpd\[.*\]: time reset [\.-[:digit:]]+ s
PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
portsentry\[.*\]: attackalert: .*
+smbd\[.*\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\)
+smbd\[.*\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:anum:]]+ !
+smbd[14793]: read_socket_data: recv failure for 4. Error = No route to host
sshd\[.*]: Failed password for .*
pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
gnome-name-server\[.*\]: server_is_alive: .*
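Review bot: The added `smbd[14793]: read_socket_data` line leaves the brackets unescaped, so `[14793]` is read as a bracket expression matching a single digit and the rule cannot match a real `smbd[pid]:` prefix; it also pins one PID. Written like the neighbouring rules it would be `smbd\[.*\]: read_socket_data: recv failure for 4\. Error = No route to host`. The same line is added to violations.ignore.d/temp. The added `kernel: Packet log` rule looks like a pasted log line as well: it matches only that one packet (fixed length, addresses and rule number) and its dots are unescaped.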
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 8e75e17..2545af4 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -3,7 +3,10 @@ afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- Invalid a
IMP\[.*\]: FAILED .* to .*:143 as .*
i(map|pop3)d\[.*\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
+kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
portsentry\[.*\]: attackalert: .*
+smbd\[.*\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:anum:]]+ !
+smbd[14793]: read_socket_data: recv failure for 4. Error = No route to host
sshd\[.*]: Failed password for .*
pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
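Review bot: The `smb_pam_auth failed - Rejecting User` rule added here removes failed Samba logins from the violations layer, and the same rule in ignore.d.server/tmp removes them from the ordinary report, so as far as these two files show, repeated password guessing against smbd would not appear in the logcheck mail at all. If the aim is only to quiet known-noisy clients, consider keeping the rule out of violations.ignore.d so rejections still surface there. Otherwise confirm that failed logins are counted by some other monitor before relying on this. The file name suggests these rules are temporary, so a note on when they should be revisited would help the next maintainer.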