-rw-r--r-- | logcheck/ignore.d.server/local | 55 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/local | 57 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/local | 8 |
3 files changed, 69 insertions, 51 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index e938fe8..4556eed 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -1,11 +1,12 @@ ### ignore.d.server/amanda amandad\[[0-9]+\]: connect from ### ignore.d.server/amavis +amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*> amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)? amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT) amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+ -amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+> +amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*> ### ignore.d.server/anacron anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))? anacron\[[0-9]+\]: Normal exit 
@@ -56,27 +57,30 @@ dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)? dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+ dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\. dhclient(-2.2.x)?: irda0: unknown hardware address type 783 -### ignore.d.server/dhcp.changes -# NB: dhcp3 entries are in dhcp3-common -dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer -dhcpd-2.2.x: BOOTREQUEST from [:0-9a-f]+ -dhcpd-2.2.x: DHCP(ACK|NACK|OFFER) on [\.0-9]+ to [:0-9a-f]+ via eth[0-9]+ -dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ -dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-f]+ via eth[0-9]+ \((not )?found\) -dhcpd-2.2.x: DHCPREQUEST for .* from .* via eth[0-9]+ ### ignore.d.server/dhcp3-common dhcpd: Abandoning IP address [\.0-9]+: pinged before offer -dhcpd: BOOTREQUEST from -dhcpd: DHCP(ACK|NACN|OFFER) on [\.0-9]+ to [:0-9a-f]+( \([^[:space:]]+\))? via eth[0-9]+ +dhcpd: BOOTREQUEST from [0-9a-f:]+ +dhcpd: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ dhcpd: DHCPACK to [\.0-9]+ -dhcpd: DHCPDISCOVER from [:0-9a-f]+ via eth[0-9]+ -dhcpd: DHCPINFORM from +dhcpd: DHCPDISCOVER from [0-9a-f:]+ via eth[0-9]+ +dhcpd: DHCPINFORM from [\.0-9]+ dhcpd: DHCPRELEASE of [\.0-9]+ -dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+( \([^[:space:]]+\))? via eth[0-9]+ +dhcpd: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ dhcpd: ICMP Echo reply while lease [\.0-9]+ valid. dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. dhcpd: accepting packet with data after udp payload. dhcpd: ip length 576 disagrees with bytes received 590. 
+### ignore.d.server/dhcp.changes +# NB: dhcp3 entries are in dhcp3-common +dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) +dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ +dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ +dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ +dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ +dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ +dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ +dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) +dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ ### ignore.d.server/gdm gdm\[[0-9]+\]: run_pictures: .*/.gnome/gdm .*\. ### ignore.d.server/gdm.da_DK @@ -136,9 +140,9 @@ afpd\[[0-9]\]: (server_child\[[0-9]+\] [0-9]+ )?(done|exited 1) afpd\[[0-9]\]: ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\) afpd\[[0-9]\]: Connection terminated afpd\[[0-9]\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written +afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out afpd\[[0-9]\]: [^[:space:]]+: Broken pipe afpd\[[0-9]\]: [^[:space:]]+: Connection reset by peer -afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out afpd\[[0-9]\]: [^[:space:]]+: No route to host afpd\[[0-9]\]: [^[:space:]]+: No such file or directory afpd\[[0-9]\]: [^[:space:]]+: Permission denied 
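Review bot: In the re-added `dhcpd-2.2.x` section, the new BOOTREPLY rule leaves the parentheses around `[0-9a-f:]+` unescaped, so under extended regex they are a group and the rule only matches a hardware address printed without literal parentheses. If dhcpd prints the address in parentheses, as the spacing of the rule suggests, the line will never be filtered. The neighbouring rules escape theirs (`( \([^[:space:]]+\))?`), so this one should read `dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+`. The same line is repeated in the ignore.d.workstation copy of this hunk.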
@@ -151,7 +155,7 @@ afpd\[[0-9]\]: logout [[:alnum:]]+ afpd\[[0-9]\]: registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as /.+/net[\.0-9]+node[0-9]+ afpd\[[0-9]\]: session from [\.:0-9]+ on [\.:0-9]+ afpd\[[0-9]\]: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success) -afpd\[[0-9]\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.[:alnum:]-]+ +afpd\[[0-9]\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+ atalkd\[[0-9]+\]: [^[:space:]]+: zip gnireply from [\.0-9]+ \([^[:space:]]+\) atalkd\[[0-9]+\]: [^[:space:]]+: zip ignoring gnireply atalkd\[[0-9]\]: [^[:space:]]+: Network is unreachable 
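Review bot: The rewritten codepage rule still starts with `afpd\[[0-9]\]`, which accepts only a one-digit PID, so it will not filter afpd lines from a process with a longer PID and those lines stay in the report as noise. The rules this commit adds to violations.ignore.d already use `afpd\[[0-9]+\]`; the line here should match them: `afpd\[[0-9]+\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+`. The moved `(C|c)onnection timed out` line in the preceding hunk and both lines in the ignore.d.workstation copy have the same prefix.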
@@ -189,18 +193,20 @@ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum: postfix/master\[[0-9]+\]: reload configuration postfix/postfix-script: refreshing the Postfix mail system postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.0-9]+\] +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\] postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\) postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\) postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+ -postfix/smtp\[[0-9]+\]: warning: host [\.[:alnum:]-]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+ +postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+ postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local -postfix/smtp\[[0-9]+\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record +postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: \\[0-9]+ +postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.0-9]+\] +postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): \\[0-9]+ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\] postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent 
(message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found) +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found) ### ignore.d.server/postgresql postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\. postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\. 
@@ -217,15 +223,14 @@ chat\[[0-9]+\]: send \(\\d\) ### ignore.d.server/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP session opened\. proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\. -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+ -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?' +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' proftpd\[[0-9]+\]: connect from [\.0-9]+ proftpd\[[0-9]+\]: No certificate files found! proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. ### ignore.d.server/samba smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer) -smbd\[[0-9]+\]: \[[/0-9]+ [:0-9]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\) +smbd\[[0-9]+\]: \[[/0-9]+ [0-9:]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\) ### ignore.d.server/spamassassin spamd\[[0-9]+\]: Creating default_prefs spamd\[[0-9]+\]: connection from .* at port diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local index c7a6034..3510218 100644 --- a/logcheck/ignore.d.workstation/local +++ b/logcheck/ignore.d.workstation/local 
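Review bot: The two rewritten proftpd rules now accept any user name (`USER [^[:space:]]+: no such user found from ...` and `no such user '[^[:space:]]+'`), where the removed rules were limited to `anonymous` and `ftp`. With this in ignore.d, logcheck no longer reports failed logins for unknown accounts at all, which is the signal an operator relies on to notice username guessing against the FTP service. I would keep the alternation, e.g. `USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+`, and add further names only when they are known noise. The same widening is repeated in the ignore.d.workstation copy of this hunk.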
@@ -1,11 +1,12 @@ ### ignore.d.server/amanda amandad\[[0-9]+\]: connect from ### ignore.d.server/amavis +amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*> amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)? amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT) amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+ -amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+> +amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*> ### ignore.d.server/anacron anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))? anacron\[[0-9]+\]: Normal exit 
@@ -56,27 +57,30 @@ dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)? dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+ dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\. dhclient(-2.2.x)?: irda0: unknown hardware address type 783 -### ignore.d.server/dhcp.changes -# NB: dhcp3 entries are in dhcp3-common -dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer -dhcpd-2.2.x: BOOTREQUEST from [:0-9a-f]+ -dhcpd-2.2.x: DHCP(ACK|NACK|OFFER) on [\.0-9]+ to [:0-9a-f]+ via eth[0-9]+ -dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ -dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-f]+ via eth[0-9]+ \((not )?found\) -dhcpd-2.2.x: DHCPREQUEST for .* from .* via eth[0-9]+ ### ignore.d.server/dhcp3-common dhcpd: Abandoning IP address [\.0-9]+: pinged before offer -dhcpd: BOOTREQUEST from -dhcpd: DHCP(ACK|NACN|OFFER) on [\.0-9]+ to [:0-9a-f]+( \([^[:space:]]+\))? via eth[0-9]+ +dhcpd: BOOTREQUEST from [0-9a-f:]+ +dhcpd: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ dhcpd: DHCPACK to [\.0-9]+ -dhcpd: DHCPDISCOVER from [:0-9a-f]+ via eth[0-9]+ -dhcpd: DHCPINFORM from +dhcpd: DHCPDISCOVER from [0-9a-f:]+ via eth[0-9]+ +dhcpd: DHCPINFORM from [\.0-9]+ dhcpd: DHCPRELEASE of [\.0-9]+ -dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+( \([^[:space:]]+\))? via eth[0-9]+ +dhcpd: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ dhcpd: ICMP Echo reply while lease [\.0-9]+ valid. dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. dhcpd: accepting packet with data after udp payload. dhcpd: ip length 576 disagrees with bytes received 590. 
+### ignore.d.server/dhcp.changes +# NB: dhcp3 entries are in dhcp3-common +dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) +dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ +dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ +dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ +dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ +dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ +dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ +dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) +dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ ### ignore.d.server/gdm gdm\[[0-9]+\]: run_pictures: .*/.gnome/gdm .*\. ### ignore.d.server/gdm.da_DK @@ -136,9 +140,9 @@ afpd\[[0-9]\]: (server_child\[[0-9]+\] [0-9]+ )?(done|exited 1) afpd\[[0-9]\]: ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\) afpd\[[0-9]\]: Connection terminated afpd\[[0-9]\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written +afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out afpd\[[0-9]\]: [^[:space:]]+: Broken pipe afpd\[[0-9]\]: [^[:space:]]+: Connection reset by peer -afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out afpd\[[0-9]\]: [^[:space:]]+: No route to host afpd\[[0-9]\]: [^[:space:]]+: No such file or directory afpd\[[0-9]\]: [^[:space:]]+: Permission denied 
@@ -151,7 +155,7 @@ afpd\[[0-9]\]: logout [[:alnum:]]+ afpd\[[0-9]\]: registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as /.+/net[\.0-9]+node[0-9]+ afpd\[[0-9]\]: session from [\.:0-9]+ on [\.:0-9]+ afpd\[[0-9]\]: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success) -afpd\[[0-9]\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.[:alnum:]-]+ +afpd\[[0-9]\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+ atalkd\[[0-9]+\]: [^[:space:]]+: zip gnireply from [\.0-9]+ \([^[:space:]]+\) atalkd\[[0-9]+\]: [^[:space:]]+: zip ignoring gnireply atalkd\[[0-9]\]: [^[:space:]]+: Network is unreachable 
@@ -189,18 +193,20 @@ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum: postfix/master\[[0-9]+\]: reload configuration postfix/postfix-script: refreshing the Postfix mail system postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.0-9]+\] +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\] postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\) postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\) postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+ -postfix/smtp\[[0-9]+\]: warning: host [\.[:alnum:]-]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+ +postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+ postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local -postfix/smtp\[[0-9]+\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record +postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: \\[0-9]+ +postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.0-9]+\] +postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): \\[0-9]+ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\] postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent 
(message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found) +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found) ### ignore.d.server/postgresql postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\. postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\. 
@@ -217,15 +223,14 @@ chat\[[0-9]+\]: send \(\\d\) ### ignore.d.server/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP session opened\. proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\. -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+ -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?' +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' proftpd\[[0-9]+\]: connect from [\.0-9]+ proftpd\[[0-9]+\]: No certificate files found! proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. ### ignore.d.server/samba smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer) -smbd\[[0-9]+\]: \[[/0-9]+ [:0-9]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\) +smbd\[[0-9]+\]: \[[/0-9]+ [0-9:]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\) ### ignore.d.server/spamassassin spamd\[[0-9]+\]: Creating default_prefs spamd\[[0-9]+\]: connection from .* at port @@ -387,7 +392,7 @@ gnome-name-server\[[0-9]+\]: name server starting gnome-name-server\[[0-9]+\]: server_is_alive: .* ### ignore.d.workstation/misc # Linux Thin clients -syslogd started: BusyBox v[\.0-9]+ \([:space:]]2\) +syslogd started: BusyBox v[\.0-9]+ \([^[:space:]]+\) init: Entering runlevel: 2 rpc.mountd: authenticated mount request from 192\.168\..* for /home/opt/ltsp/i386 \(/home/opt/ltsp/i386\) ### ignore.d.workstation/ntpdate 
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 1d49e26..d354356 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -1,3 +1,5 @@ +### violations.ignore.d/amavis +amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*> ### violations.ignore.d/bind named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied @@ -7,6 +9,11 @@ dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down ### violations.ignore.d/misc # This one shows up with firewalls blocking SMB ports non-silently kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\) +### violations.ignore.d/netatalk.changes +afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out +afpd\[[0-9]+\]: afp_getsrvrparms: stat /.+/: Permission denied +afpd\[[0-9]+\]: dsi_stream_read\([[:digit:]]+\): Permission denied +afpd\[[0-9]+\]: getforkparms: (ad_refresh|of_find): Permission denied ### violations.ignore.d/netsaint netsaint: SERVICE ALERT:.*;PING;CRITICAL;.*;PING CRITICAL - Packet loss =.*%, RTA =.*ms netsaint: SERVICE ALERT:.*;ROUTER;CRITICAL;.*;CRITICAL - Plugin timed out after 10 seconds 
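Review bot: The new `violations.ignore.d/netatalk.changes` section carries no comment saying why these afpd `Permission denied` lines are safe to drop, unlike the `misc` entry just above it, which explains itself. A match in this directory appears to remove the line from the security-events part of the report, and `afp_getsrvrparms: stat /.+/: Permission denied` accepts any path, so access failures on every share are hidden, not just the expected ones. Suggest a header comment such as `# <reason these afpd permission errors are expected on this host>`, a narrower path than `/.+/` if the noisy directory is known, and a trailing `$` on each rule so text after the message cannot ride along.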
@@ -28,6 +35,7 @@ postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\) postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+)\) postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\) +postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 554 <[^[:space:]]+>:( Recipient address rejected:)? Relay access denied\) postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\) postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\) postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\) |