author | Jonas Smedegaard <dr@jones.dk> | 2002-05-04 12:36:33 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2002-05-04 12:36:33 +0000 |
commit | 97f216c94b2279b3219f0d13fc1a88fe9e80f2fe (patch) | |
tree | ad08c0aa89471e4d2e9f8e8d9efa5ac380a1cc31 /logcheck | |
parent | 313ff45f22424a4bb419d2c56800995446b5ea59 (diff) |
logcheck: misc. updates.
Diffstat (limited to 'logcheck')
-rw-r--r-- | logcheck/ignore.d.server/netatalk | 3 | ||||
-rw-r--r-- | logcheck/ignore.d.server/postfix | 7 | ||||
-rw-r--r-- | logcheck/ignore.d.server/ssh | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.server/tmp | 4 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/postfix | 9 |
5 files changed, 17 insertions, 8 deletions
diff --git a/logcheck/ignore.d.server/netatalk b/logcheck/ignore.d.server/netatalk
new file mode 100644
index 0000000..c2b309f
--- /dev/null
+++ b/logcheck/ignore.d.server/netatalk
@@ -0,0 +1,3 @@
+afpd\[[0-9]*\]: removed .*/net[\.0-9]*node[0-9]*
+atalkd\[[0-9]*\]: .*: zip gnireply from [\.0-9]* \(.*\)
+atalkd\[[0-9]*\]: .*: zip ignoring gnireply
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index 94eeb10..7a3076d 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -1,9 +1,10 @@
 postfix.* table has changed -- exiting
 postfix/cleanup\[.*\]: warning: premature end-of-input from cleanup socket while reading input attribute name
 postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
-postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred \(connect to .*\[.*\]: (Connection refused|server refused mail service)\)
-postfix/smtp\[.*\]: connect to .*\[.*\]: (Connection (refused|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
-postfix/smtp\[.*\]: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.[:digit:]]+\]
+postfix/qmgr\[.*\]: [A-Z0-9]+: skipped, still being delivered
+postfix/smtp\[.*\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
+postfix/smtp\[.*\]: connect to .*: (Connection (refused|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
+postfix/smtp\[.*\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.[:digit:]]+\]
 postfix/smtp\[.*\]: warning: numeric domain name in resource data of MX record for .*: [\.[:digit:]]+
 postfix/smtp\[.*\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record
 postfix/smtp\[.*\]: warning: host [\.[:alnum:]-]+\[[\.[:digit:]]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+
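Review bot: The rewritten `postfix/smtp` rules in logcheck/ignore.d.server/postfix replace the field-by-field match (`.*: to=<.*>, relay=none, delay=[[:digit:]]+,` and `.*\[.*\]:`) with a bare `.*`, and the rules are not anchored, so any log line that contains `postfix/smtp[` and later `status=deferred (connect to ...: Connection refused)` is filtered out regardless of which program wrote it. Log lines routinely carry strings supplied by remote parties, so an ignore rule is safer when it pins the PID and queue ID, for example `postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>]*>, .*status=deferred \(connect to`. The new `qmgr` and PIX rules already use `[A-Z0-9]+:` for the queue ID, which is the form worth keeping throughout. The same widening is made in the logcheck/violations.ignore.d/postfix hunk, where it affects the violations layer.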
diff --git a/logcheck/ignore.d.server/ssh b/logcheck/ignore.d.server/ssh
index db1462a..052ea30 100644
--- a/logcheck/ignore.d.server/ssh
+++ b/logcheck/ignore.d.server/ssh
@@ -4,4 +4,4 @@ sshd\[.*\]: Connection closed by .*
 sshd\[.*\]: Did not receive ident(ification)? string from [\.[:digit:]]+
 sshd\[.*\]: scanned from [\.[:digit:]]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\.
 sshd\[.*\]: Disconnecting: Your ssh version is too old and is no longer supported\. Please install a newer version\.
-sshd\[.*\]: Accepted keyboard-interactive for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
+sshd\[.*\]: Accepted (keyboard-interactive|publickey) for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 1bbf56a..e124658 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -32,8 +32,8 @@ smbd\[.*\]: \[.*\] smbd/connection.c:yield_connection\([[:digit:]]+\)
 smbd\[.*\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\)
 sshd\[.*]: Failed password for .*
 sshd\[.*\]: packet_set_maxsize: setting to 4096
-dhcpd-2.2.x: BOOTREQUEST from 00:20:6b:18:20:35
-dhcpd-2.2.x: No applicable record for BOOTP host 00:20:6b:18:20:35
+dhcpd-2.2.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71)
+dhcpd-2.2.x: No applicable record for BOOTP host (00:20:6b:18:20:35|08:00:86:11:2b:71)
 postfix.*\[.*\]: .* from=<groove@mailomat.grooveattack.com>
 snort: .*FrontPage
 snort: IDS015 - RPC - portmap-request-status:
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index ae6a359..e1c3b4b 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
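Review bot: Adding `publickey` to the `Accepted (keyboard-interactive|publickey)` rule in logcheck/ignore.d.server/ssh means successful ssh2 logins from any source address are filtered out of the server report, so a login with a stolen key or from an unexpected network would not show up in the logcheck mail. If the aim is only to silence routine logins, restricting the rule to the expected sources keeps everything else visible, e.g. `sshd\[[0-9]+\]: Accepted publickey for [[:alnum:]]+ from <TRUSTED_ADDRESS_REGEX> port [[:digit:]]+ ssh2` (placeholder to be replaced with the site's own range). Note also that `[[:alnum:]]+` does not match account names containing `-`, `_` or `.`, so logins to such accounts are still reported; a comment stating whether that is intended would help.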
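Review bot: The unchanged context line `sshd\[.*]: Failed password for .*` in logcheck/ignore.d.server/tmp filters every failed password attempt, and with the `Accepted` rule in ignore.d.server/ssh it leaves neither failed nor successful password-style logins in the server report; it seems worth narrowing or dropping while this file is being touched. In the added lines, `dhcpd-2.2.x` leaves the dots unescaped, so `dhcpd-2\.2\.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71)` would match only the literal program name. The two hard-coded MAC addresses carry no record of which machines they belong to; a note in the commit message, or a `#` comment line if the installed logcheck accepts comments in rule files (to be confirmed), would make it possible to remove them later.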
@@ -1,6 +1,11 @@
+postfix/cleanup\[.*\]: [A-Z0-9]+: message-id=<.*@Debug>
 postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
-postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred \(connect to .*\[[\.[:digit:]]+\]: (Connection refused|server refused mail service)\)
-postfix/smtp\[.*\]: .*: to=<.*>, relay=.*\[[\.[:digit:]]+\], delay=[[:digit:]]+, status=deferred \(host .*\[[\.[:digit:]]+\] said: 450 <.*>: Sender address rejected: Domain not found\)
+postfix/smtp\[.*\]: .* status=bounced \(bad host/domain syntax: ".*"\)
+postfix/smtp\[.*\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
+postfix/smtp\[.*\]: .* status=deferred \(host .* said: 450 <.*>: Sender address rejected: Domain not found\)
+postfix/smtp\[.*\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
+postfix/smtp\[.*\]: .* status=deferred \(host .* said: 550 .* User unknown; rejecting\)
+postfix/smtp\[.*\]: .* status=deferred \(host .* said: 550 .* Relaying denied\)
 postfix/smtp\[.*\]: connect to .*\[[\.[:digit:]]+\]: (Connection refused|server refused mail service) \(port 25\)
 postfix/smtpd\[.*\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 554 Service unavailable; .* blocked using .*; from=<.*> to=<.*>
 postfix/smtpd\[.*\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 554 <.*>: Recipient address rejected: (A|Relay a)ccess denied; from=<.*> to=<.*> |
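Review bot: The added `said: 550 .* User unknown; rejecting\)` and `said: 550 .* Relaying denied\)` rules take remote refusals of outbound mail out of the violations layer for every recipient and relay. A sudden run of such refusals can be an early sign that the local host is sending mail it should not, so it may be better to leave these two reported, or to limit them to the specific relays that produce the known noise. Separately, `451 Transaction failed.\)` leaves the final dot unescaped; `451 Transaction failed\.\)` matches only the literal reply text. The `message-id=<.*@Debug>` rule has no explanation in the commit message, and a short note on what generates those IDs would help a later reader decide whether it is still needed.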