-rw-r--r-- | logcheck/ignore.d.server/local | 17 | ||||
-rw-r--r-- | logcheck/ignore.d.server/netatalk.changes | 4 | ||||
-rw-r--r-- | logcheck/ignore.d.server/nfs-kernel-server | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.server/postfix | 5 | ||||
-rw-r--r-- | logcheck/ignore.d.server/tftpd | 4 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/local | 17 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/local | 2 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/postfix | 2 |
8 files changed, 33 insertions, 20 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 11ec7d2..5bb8a64 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -120,6 +120,8 @@ HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
 IMP\[[0-9]+\]: Login .* to .*:143 as .*
 ### ignore.d.server/libgpmg1
 [[:alnum:]]+: /dev/gpmctl: No such file or directory$
+### ignore.d.server/libgpmg1.da_DK
+[[:alnum:]]+: /dev/gpmctl: Ingen sådan fil eller filkatalog$
 ### ignore.d.server/libpam-modules
 pam_limits\[[0-9]+\]: default limits skipped for 'root'$
 ### ignore.d.server/mailutils-imap4d
@@ -176,8 +178,8 @@ afpd\[[0-9]+\]: session from [\.:0-9]+ on [\.:0-9]+$
 afpd\[[0-9]+\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
 atalkd\[[0-9]+\]: as_timer sendto: Network is unreachable $
 atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $
-papd\[[0-9]+\]: child [0-9]+ done$
-papd\[[0-9]+\]: child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
+papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$
+papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
 ### ignore.d.server/netsaint
 netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
 netsaint: Auto-save of retention data completed successfully\. $
@@ -187,7 +189,7 @@ netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
 ### ignore.d.server/nfs-kernel-server
 mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
 mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
-rpc\.mountd: authenticated unmount request from [\.0-9]+:[0-9]+ for /[^[:space:]]* \(/[^[:space:]\)]*\) $
+rpc\.mountd: authenticated unmount request from [\.0-9]+:[0-9]+ for /[^[:space:]]+ \(/[^[:space:]\)]+\) $
 ### ignore.d.server/non-debian
 # These entries are for syslogd open for remote hosts
 # (and advertised through DHCP)
@@ -214,11 +216,13 @@ postfix/master\[[0-9]+\]: reload configuration$
 postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$
 postfix/postfix-script: refreshing the Postfix mail system$
 postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$
-postfix/smtp\[[0-9]+\]: SSL_connect error to express.ikokok.com: -1
+postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$
+postfix/smtp\[[0-9]+\]: cert has expired$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
 postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$
+postfix/smtp\[[0-9]+\]: verify error:num=10:certificate has expired$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
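Review bot: The widened `SSL_connect error to [^[:space:]]+: -1` rule now hides TLS handshake failures to every peer and, unlike the rules around it, has no end anchor, so any line that merely begins this way is dropped from the report. Together with the two added expired-certificate rules (`cert has expired` and `verify error:num=10:certificate has expired`), failed or unverifiable outbound TLS no longer reaches the admin at all, including for a relay this host depends on whose certificate has lapsed or changed. I would anchor the rule as `postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1$` (assuming postfix logs nothing after the code) and add a comment line above the three rules stating why outbound TLS errors are treated as noise here. The same three lines are repeated in the ignore.d.server/postfix and ignore.d.workstation/local hunks.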
@@ -232,6 +236,7 @@ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid chara
 postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$
+postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$
 postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$
 postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
@@ -304,8 +309,8 @@ sshd\[[0-9]+\]: subsystem request for sftp$
 ### ignore.d.server/ssmtp
 sSMTP mail\[[0-9]+\]: .* sent mail for root
 ### ignore.d.server/tftpd
-in.tftpd\[[0-9]+\]: RRQ from.*filename.*
-in.tftpd\[[0-9]+\]: tftp: client does not accept options
+in\.tftpd\[[0-9]+\]: RRQ from [\.0-9]+ filename [^[:space:]]+ $
+in\.tftpd\[[0-9]+\]: tftp: client does not accept options
 ### ignore.d.server/tmp
 ## imp
 IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
diff --git a/logcheck/ignore.d.server/netatalk.changes b/logcheck/ignore.d.server/netatalk.changes
index ecbbae5..043be4d 100644
--- a/logcheck/ignore.d.server/netatalk.changes
+++ b/logcheck/ignore.d.server/netatalk.changes
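Review bot: The added `too many errors after RCPT from …` rule in the -232 hunk suppresses the message smtpd logs when a client reaches its error limit during RCPT, which is typically what recipient guessing or address harvesting looks like in the mail log, so ignoring it at server level removes that signal from the report. If it is only noise on this host, a comment above the rule should say so and name what else covers it, e.g. `# RCPT error-limit disconnects: ignored because <reason>`. The peer part `\[[\.0-9]+\]` matches dotted IPv4 addresses only, as in the neighbouring rules. The same line is added in the ignore.d.server/postfix and ignore.d.workstation/local hunks.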
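Review bot: The rewritten `tftp: client does not accept options` rule in the -304 hunk now escapes the dot but still has no end anchor, while the RRQ rule directly above it was tightened and anchored in the same change; any text following that phrase on an in.tftpd line is ignored along with it. I would write it as `in\.tftpd\[[0-9]+\]: tftp: client does not accept options$`, assuming the daemon logs nothing after the phrase. The RRQ rule also ignores read requests for any filename from any IPv4 address, so a comment noting that TFTP reads are not reviewed through logcheck would be useful. The same two lines appear in the ignore.d.server/tftpd file and in ignore.d.workstation/local.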
@@ -22,5 +22,5 @@ afpd\[[0-9]+\]: session from [\.:0-9]+ on [\.:0-9]+$
 afpd\[[0-9]+\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
 atalkd\[[0-9]+\]: as_timer sendto: Network is unreachable $
 atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $
-papd\[[0-9]+\]: child [0-9]+ done$
-papd\[[0-9]+\]: child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
+papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$
+papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
diff --git a/logcheck/ignore.d.server/nfs-kernel-server b/logcheck/ignore.d.server/nfs-kernel-server
index 70d2179..ce04275 100644
--- a/logcheck/ignore.d.server/nfs-kernel-server
+++ b/logcheck/ignore.d.server/nfs-kernel-server
@@ -1,3 +1,3 @@
 mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
 mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
-rpc\.mountd: authenticated unmount request from [\.0-9]+:[0-9]+ for /[^[:space:]]* \(/[^[:space:]\)]*\) $
+rpc\.mountd: authenticated unmount request from [\.0-9]+:[0-9]+ for /[^[:space:]]+ \(/[^[:space:]\)]+\) $
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index d742dbf..f2eeb48 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -5,11 +5,13 @@ postfix/master\[[0-9]+\]: reload configuration$
 postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$
 postfix/postfix-script: refreshing the Postfix mail system$
 postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$
-postfix/smtp\[[0-9]+\]: SSL_connect error to express.ikokok.com: -1
+postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$
+postfix/smtp\[[0-9]+\]: cert has expired$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
 postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$
+postfix/smtp\[[0-9]+\]: verify error:num=10:certificate has expired$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
@@ -23,6 +25,7 @@ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid chara
 postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$
+postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$
 postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$
 postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
diff --git a/logcheck/ignore.d.server/tftpd b/logcheck/ignore.d.server/tftpd
index 8711e09..887c704 100644
--- a/logcheck/ignore.d.server/tftpd
+++ b/logcheck/ignore.d.server/tftpd
@@ -1,2 +1,2 @@
-in.tftpd\[[0-9]+\]: RRQ from.*filename.*
-in.tftpd\[[0-9]+\]: tftp: client does not accept options
+in\.tftpd\[[0-9]+\]: RRQ from [\.0-9]+ filename [^[:space:]]+ $
+in\.tftpd\[[0-9]+\]: tftp: client does not accept options
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 0cd9c9c..1155f8a 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -120,6 +120,8 @@ HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
 IMP\[[0-9]+\]: Login .* to .*:143 as .*
 ### ignore.d.server/libgpmg1
 [[:alnum:]]+: /dev/gpmctl: No such file or directory$
+### ignore.d.server/libgpmg1.da_DK
+[[:alnum:]]+: /dev/gpmctl: Ingen sådan fil eller filkatalog$
 ### ignore.d.server/libpam-modules
 pam_limits\[[0-9]+\]: default limits skipped for 'root'$
 ### ignore.d.server/mailutils-imap4d
@@ -176,8 +178,8 @@ afpd\[[0-9]+\]: session from [\.:0-9]+ on [\.:0-9]+$
 afpd\[[0-9]+\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
 atalkd\[[0-9]+\]: as_timer sendto: Network is unreachable $
 atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $
-papd\[[0-9]+\]: child [0-9]+ done$
-papd\[[0-9]+\]: child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
+papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$
+papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
 ### ignore.d.server/netsaint
 netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
 netsaint: Auto-save of retention data completed successfully\. $
@@ -187,7 +189,7 @@ netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
 ### ignore.d.server/nfs-kernel-server
 mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
 mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
-rpc\.mountd: authenticated unmount request from [\.0-9]+:[0-9]+ for /[^[:space:]]* \(/[^[:space:]\)]*\) $
+rpc\.mountd: authenticated unmount request from [\.0-9]+:[0-9]+ for /[^[:space:]]+ \(/[^[:space:]\)]+\) $
 ### ignore.d.server/non-debian
 # These entries are for syslogd open for remote hosts
 # (and advertised through DHCP)
@@ -214,11 +216,13 @@ postfix/master\[[0-9]+\]: reload configuration$
 postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$
 postfix/postfix-script: refreshing the Postfix mail system$
 postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$
-postfix/smtp\[[0-9]+\]: SSL_connect error to express.ikokok.com: -1
+postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$
+postfix/smtp\[[0-9]+\]: cert has expired$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
 postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$
+postfix/smtp\[[0-9]+\]: verify error:num=10:certificate has expired$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
@@ -232,6 +236,7 @@ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid chara
 postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$
+postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$
 postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$
 postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
@@ -304,8 +309,8 @@ sshd\[[0-9]+\]: subsystem request for sftp$
 ### ignore.d.server/ssmtp
 sSMTP mail\[[0-9]+\]: .* sent mail for root
 ### ignore.d.server/tftpd
-in.tftpd\[[0-9]+\]: RRQ from.*filename.*
-in.tftpd\[[0-9]+\]: tftp: client does not accept options
+in\.tftpd\[[0-9]+\]: RRQ from [\.0-9]+ filename [^[:space:]]+ $
+in\.tftpd\[[0-9]+\]: tftp: client does not accept options
 ### ignore.d.server/tmp
 ## imp
 IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 007e6af..55ef9f8 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -52,7 +52,7 @@ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification
 # These are only for postfix << 2.0:
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 # These are only for postfix >= 2.0:
-postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]*>( to=<[^[:space:]>]+>)? proto=E?SMTP helo=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP helo=<[^[:space:]>]+>$
 ### violations.ignore.d/proftpd
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
 ### violations.ignore.d/samba
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 154ae45..af63de0 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -13,4 +13,4 @@ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification
 # These are only for postfix << 2.0:
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 # These are only for postfix >= 2.0:
-postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]*>( to=<[^[:space:]>]+>)? proto=E?SMTP helo=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP helo=<[^[:space:]>]+>$
|
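Review bot: Replacing `[^[:space:]>]` with `[^>]` in `from=<[^>]*>( to=<[^>]*>)?` lets the envelope sender and recipient, both supplied by the remote client, contain spaces and any other text up to the next `>`, and the recipient may now be empty; because this file lives in violations.ignore.d, more client-controlled text is removed from the violations report than before. The rest of the line is still pinned by ` proto=E?SMTP helo=<[^[:space:]>]+>$`, so the widening looks deliberate, but the rule carries no explanation. A comment above it naming the addresses that required the change, e.g. `# envelope addresses may contain spaces (quoted local parts)`, would make that explicit. The identical change is made in both violations.ignore.d/local and violations.ignore.d/postfix.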