-rw-r--r--logcheck/ignore.d.server/local9
-rw-r--r--logcheck/ignore.d.server/netatalk.changes5
-rw-r--r--logcheck/ignore.d.server/tmp4
-rw-r--r--logcheck/ignore.d.workstation/local9
-rw-r--r--logcheck/violations.ignore.d/libpam-modules2
-rw-r--r--logcheck/violations.ignore.d/local7
-rw-r--r--logcheck/violations.ignore.d/netatalk.changes4
7 files changed, 27 insertions, 13 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 2779d94..9f9264f 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -154,6 +154,8 @@ murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[
nagios: Auto-save of retention data completed successfully\. $
nagios: LOG ROTATION: DAILY $
### ignore.d.server/netatalk.changes
+# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: ([^[:space:]]+: D5:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?(registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$
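Review bot: The re-added "using codepage directory" rule accepts only the `D5:AFPDaemon:` prefix, while the line it replaces (removed in the next hunk) accepted `I:AFPDaemon:`. If any installed netatalk 1.6.x build still logs this message at the `I` level, it will reappear in the reports and add noise around real events. Accepting both levels keeps the old coverage: `([^[:space:]]+: (D5|I):AFPDaemon: )?using codepage directory: ...`. The same line is added in ignore.d.server/netatalk.changes and ignore.d.workstation/local.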
@@ -161,7 +163,6 @@ afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?logout [[:alnum:]]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?session from [\.:0-9]+ on [\.:0-9]+$
-afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$
@@ -178,7 +179,7 @@ afpd\[[0-9]+\]: dsi_stream_read\(0\): (No such file or directory|No such process
afpd\[[0-9]+\]: dsi_stream_read\(0\): Success$
afpd\[[0-9]+\]: error stat'ing /[^[:space:]]+/net[\.0-9]+node[0-9]+: No such file or directory$
afpd\[[0-9]+\]: login noauth$
-atalkd\[[0-9]+\]: as_timer sendto: Network is unreachable $
+atalkd\[[0-9]+\]: as_timer sendto [\.0-9]+ \([0-9]+\): Network is unreachable $
atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $
papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$
papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
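Review bot: The new `as_timer sendto` rule requires the address and the parenthesised number, so the older message form `as_timer sendto: Network is unreachable` that the removed line matched is no longer ignored. The other netatalk rules in this file keep both formats by making the new part optional, and the same would work here: `atalkd\[[0-9]+\]: as_timer sendto( [\.0-9]+ \([0-9]+\))?: Network is unreachable $`. The identical replacement is made in ignore.d.server/netatalk.changes and ignore.d.workstation/local.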
@@ -364,9 +365,11 @@ smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \([0-9
smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
+smbd\[[0-9]+\]: (alevrius_|localhost) ([\.0-9]+) couldn't find service c $
smbd\[[0-9]+\]: api_srv_net_share_add: Failed to unmarshall SRV_Q_NET_SHARE_ADD. $
smbd\[[0-9]+\]: prs_mem_get: reading data of size 4 would overrun buffer. $
-smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_pipe.c:api_rpcTNP|rpc_server/srv_srvsvc.c:api_srv_net_share_add|smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:find_service))\([0-9]+\) $
+smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_(pipe.c:api_rpcTNP|srvsvc.c:api_srv_net_share_add))\([0-9]+\) $
+smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:(find_service|make_connection))\([0-9]+\) $
## ssh
sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
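Review bot: In the added `couldn't find service c` rule the parentheses around `[\.0-9]+` are unescaped, so they form a regex group instead of matching literal characters. If smbd prints the client address in literal parentheses, as the escaped `\([0-9]+\)` in the neighbouring rules suggests for other fields, this rule never matches and the message keeps being reported. The escaped form would be `smbd\[[0-9]+\]: (alevrius_|localhost) \([\.0-9]+\) couldn't find service c $`. It is worth confirming against a real log line, because once the rule does match it hides lookups for a share named `c`, so the host alternation should stay as narrow as it is now. The same line is added in ignore.d.server/tmp and ignore.d.workstation/local.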
diff --git a/logcheck/ignore.d.server/netatalk.changes b/logcheck/ignore.d.server/netatalk.changes
index f7df007..f8374a9 100644
--- a/logcheck/ignore.d.server/netatalk.changes
+++ b/logcheck/ignore.d.server/netatalk.changes
@@ -1,3 +1,5 @@
+# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: ([^[:space:]]+: D5:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?(registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$
@@ -5,7 +7,6 @@ afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?logout [[:alnum:]]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?session from [\.:0-9]+ on [\.:0-9]+$
-afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$
@@ -22,7 +23,7 @@ afpd\[[0-9]+\]: dsi_stream_read\(0\): (No such file or directory|No such process
afpd\[[0-9]+\]: dsi_stream_read\(0\): Success$
afpd\[[0-9]+\]: error stat'ing /[^[:space:]]+/net[\.0-9]+node[0-9]+: No such file or directory$
afpd\[[0-9]+\]: login noauth$
-atalkd\[[0-9]+\]: as_timer sendto: Network is unreachable $
+atalkd\[[0-9]+\]: as_timer sendto [\.0-9]+ \([0-9]+\): Network is unreachable $
atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $
papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$
papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 520c4c6..0d86eb5 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -48,9 +48,11 @@ smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \([0-9
smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
+smbd\[[0-9]+\]: (alevrius_|localhost) ([\.0-9]+) couldn't find service c $
smbd\[[0-9]+\]: api_srv_net_share_add: Failed to unmarshall SRV_Q_NET_SHARE_ADD. $
smbd\[[0-9]+\]: prs_mem_get: reading data of size 4 would overrun buffer. $
-smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_pipe.c:api_rpcTNP|rpc_server/srv_srvsvc.c:api_srv_net_share_add|smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:find_service))\([0-9]+\) $
+smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_(pipe.c:api_rpcTNP|srvsvc.c:api_srv_net_share_add))\([0-9]+\) $
+smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:(find_service|make_connection))\([0-9]+\) $
## ssh
sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 0625be4..918222f 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -154,6 +154,8 @@ murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[
nagios: Auto-save of retention data completed successfully\. $
nagios: LOG ROTATION: DAILY $
### ignore.d.server/netatalk.changes
+# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: ([^[:space:]]+: D5:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?(registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$
@@ -161,7 +163,6 @@ afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?logout [[:alnum:]]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?session from [\.:0-9]+ on [\.:0-9]+$
-afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$
afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$
@@ -178,7 +179,7 @@ afpd\[[0-9]+\]: dsi_stream_read\(0\): (No such file or directory|No such process
afpd\[[0-9]+\]: dsi_stream_read\(0\): Success$
afpd\[[0-9]+\]: error stat'ing /[^[:space:]]+/net[\.0-9]+node[0-9]+: No such file or directory$
afpd\[[0-9]+\]: login noauth$
-atalkd\[[0-9]+\]: as_timer sendto: Network is unreachable $
+atalkd\[[0-9]+\]: as_timer sendto [\.0-9]+ \([0-9]+\): Network is unreachable $
atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $
papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$
papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
@@ -364,9 +365,11 @@ smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \([0-9
smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
+smbd\[[0-9]+\]: (alevrius_|localhost) ([\.0-9]+) couldn't find service c $
smbd\[[0-9]+\]: api_srv_net_share_add: Failed to unmarshall SRV_Q_NET_SHARE_ADD. $
smbd\[[0-9]+\]: prs_mem_get: reading data of size 4 would overrun buffer. $
-smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_pipe.c:api_rpcTNP|rpc_server/srv_srvsvc.c:api_srv_net_share_add|smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:find_service))\([0-9]+\) $
+smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_(pipe.c:api_rpcTNP|srvsvc.c:api_srv_net_share_add))\([0-9]+\) $
+smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:(find_service|make_connection))\([0-9]+\) $
## ssh
sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
diff --git a/logcheck/violations.ignore.d/libpam-modules b/logcheck/violations.ignore.d/libpam-modules
index cbd3b4b..466ca4a 100644
--- a/logcheck/violations.ignore.d/libpam-modules
+++ b/logcheck/violations.ignore.d/libpam-modules
@@ -1 +1 @@
-pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ failed: Operation not permitted; uid=[0-9]+ euid=[0-9]+$ \ No newline at end of file
+pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ failed: Operation not permitted; uid=[0-9]+ euid=[0-9]+$
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index b5107a3..cc2b4fd 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -15,13 +15,16 @@ named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
dhcpd(-2.2.x)?: (send_packet|fallback_discard): Connection refused$
dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down$
### violations.ignore.d/libpam-modules
-pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ failed: Operation not permitted; uid=[0-9]+ euid=[0-9]+$### violations.ignore.d/misc
+pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ failed: Operation not permitted; uid=[0-9]+ euid=[0-9]+$
+### violations.ignore.d/misc
# This one shows up with firewalls blocking SMB ports non-silently
kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
### violations.ignore.d/netatalk.changes
+# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
+afpd\[[0-9]+\]: [^[:space:]]+: E:Default: cnid_open: dbenv->open of /[^[:space:]]+/\.AppleDB failed: Permission denied$
afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
afpd\[[0-9]+\]: afp_getsrvrparms: stat /[^/]+/: Permission denied$
-afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied$
### violations.ignore.d/netsaint
netsaint: SERVICE ALERT:.*;PING;CRITICAL;.*;PING CRITICAL - Packet loss =.*%, RTA =.*ms
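Review bot: The new `cnid_open` rule removes a "Permission denied" event from the violations report for every path ending in `/.AppleDB`, because `/[^[:space:]]+/` matches any directory. A failed open of the CNID database can point to wrong ownership on a volume or to access outside the exported volumes, so a violations-level ignore should be pinned to the volume roots this host actually shares, for example `dbenv->open of /<volume-root-placeholder>/\.AppleDB failed: Permission denied$`. The rule also has no leading anchor, like the rest of the file, so any line containing this text is suppressed. The same rule is added in violations.ignore.d/netatalk.changes.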
diff --git a/logcheck/violations.ignore.d/netatalk.changes b/logcheck/violations.ignore.d/netatalk.changes
index 16bda97..b756dc0 100644
--- a/logcheck/violations.ignore.d/netatalk.changes
+++ b/logcheck/violations.ignore.d/netatalk.changes
@@ -1,4 +1,6 @@
+# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
+afpd\[[0-9]+\]: [^[:space:]]+: E:Default: cnid_open: dbenv->open of /[^[:space:]]+/\.AppleDB failed: Permission denied$
afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
afpd\[[0-9]+\]: afp_getsrvrparms: stat /[^/]+/: Permission denied$
-afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied$