authorJonas Smedegaard <dr@jones.dk>2008-01-26 11:16:38 +0000
committerJonas Smedegaard <dr@jones.dk>2008-01-26 11:16:38 +0000
commitb4aee7e9069efecfff7016bcdfcc8c776e847e86 (patch)
tree190acb8167a48e8bd01bbba6b58b6a66e53dd34e /logcheck
parent0e3235de4c534f71fa28131276ea542b6b53f051 (diff)
Update masterfiles.
Diffstat (limited to 'logcheck')
-rw-r--r--logcheck/ignore.d.server/local2
-rw-r--r--logcheck/violations.ignore.d/local8
2 files changed, 6 insertions, 4 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index cbbc5d9..632598f 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -82,6 +82,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: bound to [\.0-9]+ -- renewal in [0-9]+ seconds\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: IMAP\([^[:space:]]*\): Connection closed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap-login: Aborted login \(3 authentication attempts\): user=<[^[:space:]]*>, method=LOGIN, rip=127\.0\.0\.1, lip=127\.0\.0\.1, secured$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]] does not exist\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: Pingning af.* mislykkedes, deaktiver terminal!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: \(child [0-9]+\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*$
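Review bot: The added imap-login rule drops every `Aborted login (3 authentication attempts)` line whose `rip` and `lip` are both 127.0.0.1, so repeated failed logins that reach Dovecot over loopback never appear in the report. If a webmail front end or local proxy sits in front of IMAP on this host (not visible from the diff), remote password guessing would look exactly like this and be silenced. The `dovecot-auth: \(pam_unix\) authentication failure` rule added to violations.ignore.d/local in this commit has the same effect for `rhost=127\.0\.0\.1`. Before keeping both, confirm that the front end logs the real client address and failed attempts somewhere that is still reviewed, or limit the rule to the known noisy account instead of `user=<[^[:space:]]*>`. Neither rule records why loopback failures are considered benign; if the rule files accept `#` comment lines, a one-line comment above each would help the next reviewer.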
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 1c0f46a..d733132 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -7,7 +7,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dccifd\[[0-9]+\]: [.0-9]+ rejected messages to [0-9]+ targets and discarded messages to [0-9]+ targets among [0-9]+ total since [/0-9]+ [:0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x)?: (send_packet|fallback_discard): Connection refused$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xayide dovecot\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= $
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=[^[:space:]]* rhost=127\.0\.0\.1 user=[^[:space:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ failed: Operation not permitted; uid=[0-9]+ euid=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
@@ -46,9 +46,9 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: ((to|relay|delay|delays|dsn)=[^[:space:]]+, )status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): ([^[:space:]]+=[^[:space:]]+, )*(from|helo|message-id|to)=<[^>]*(attack|BAD|debug|denied|deny|error|expn|promisc|refused)[^>]*>.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|promisc|refused)[^[:space:]]* has a valid A record$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp+\[[0-9]+\]: connect to [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|promisc|refused)[^[:space:]]*:.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): ([^[:space:]]+=[^[:space:]]+, )*(from|helo|message-id|to)=<[^>]*(DEBUG|ERROR|EXPN|FAILURE|Failed|ILLEGAL|PERMITTED|REFUSED|VRFY|BAD|debug|denied|deny|expn|failed|failure|illegal|permitted|promisc|reject|rexec|rshd|securityalert|setsender|shutdown|smrsh|sucked|unapproved|unauthorized|vrfy)[^>]*>.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]* has a valid A record$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp+\[[0-9]+\]: connect to [^[:space:]]*(DEBUG|ERROR|EXPN|FAILURE|Failed|ILLEGAL|PERMITTED|REFUSED|VRFY|BAD|debug|denied|deny|expn|failed|failure|illegal|permitted|promisc|reject|rexec|rshd|securityalert|setsender|shutdown|smrsh|sucked|unapproved|unauthorized|vrfy)[^[:space:]]*:.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer ?$