-rw-r--r--logcheck/ignore.d.server/anacron2
-rw-r--r--logcheck/ignore.d.server/hylafax-server4
-rw-r--r--logcheck/ignore.d.server/local22
-rw-r--r--logcheck/ignore.d.server/nagios2
-rw-r--r--logcheck/ignore.d.server/netsaint5
-rw-r--r--logcheck/ignore.d.server/proftpd2
-rw-r--r--logcheck/ignore.d.server/tmp5
-rw-r--r--logcheck/ignore.d.server/uw-imap.changes2
-rw-r--r--logcheck/ignore.d.workstation/local22
-rw-r--r--logcheck/violations.ignore.d/local1
-rw-r--r--logcheck/violations.ignore.d/netsaint1
11 files changed, 41 insertions, 27 deletions
diff --git a/logcheck/ignore.d.server/anacron b/logcheck/ignore.d.server/anacron
index 8ff87a9..e24ddc2 100644
--- a/logcheck/ignore.d.server/anacron
+++ b/logcheck/ignore.d.server/anacron
@@ -1,5 +1,5 @@
anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?$
-anacron\[[0-9]+\]: Normal exit$
+anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)$
anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+$
anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.$
anacron\[[0-9]+\]: Jobs will be executed sequentially$
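Review bot: The new rule `Normal exit \([0-9]+ jobs run\)$` accepts only the plural wording and drops the old bare `Normal exit$` form. A host whose anacron logs a singular `job` (some builds appear to) or still emits the short message will have that line reported on every run. Consider `anacron\[[0-9]+\]: Normal exit( \([0-9]+ jobs? run\))?$` so both spellings and the older message stay ignored. The same line is changed in the ignore.d.server/local and ignore.d.workstation/local hunks.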
diff --git a/logcheck/ignore.d.server/hylafax-server b/logcheck/ignore.d.server/hylafax-server
index f6fedfb..11821d8 100644
--- a/logcheck/ignore.d.server/hylafax-server
+++ b/logcheck/ignore.d.server/hylafax-server
@@ -2,9 +2,9 @@ Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING
Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*$
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?$
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
-FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+" ""$
+FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index fd20c8c..d942973 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -10,7 +10,7 @@ amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:spa
amavis\[[0-9]+\]: spam_scan: whitelisted sender <[^[:space:]]+>, spam check skipped$
### ignore.d.server/anacron
anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?$
-anacron\[[0-9]+\]: Normal exit$
+anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)$
anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+$
anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.$
anacron\[[0-9]+\]: Jobs will be executed sequentially$
@@ -110,9 +110,9 @@ Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING
Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*$
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?$
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
-FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+" ""$
+FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
@@ -148,7 +148,7 @@ murasaki\.(usb|net)\[[0-9]+\]: Execuing "net" "(stop|start)"$
murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]$
murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+$
### ignore.d.server/nagios
-nagios: Auto-save of retention data completed successfully\.$
+nagios: Auto-save of retention data completed successfully\. $
nagios: LOG ROTATION: DAILY$
### ignore.d.server/netatalk.changes
afpd\[[0-9]+\]: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$
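Review bot: The literal space before `$` in `successfully\. $` is invisible in review and is removed by any editor that strips trailing whitespace. It also stops the rule matching a daemon that logs the message without the trailing blank, which is the form the removed line covered. Writing it as `nagios: Auto-save of retention data completed successfully\. ?$` (or with `[[:space:]]*$`) keeps both forms ignored and makes the intent visible. The same applies to the `\.\.\. $`, `\(PID=[0-9]+\) $` and `FTP session opened\. $` rules in the netsaint, proftpd and violations.ignore.d hunks and their copies.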
@@ -178,8 +178,11 @@ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [
papd\[[0-9]+\]: child [0-9]+ done$
papd\[[0-9]+\]: child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
### ignore.d.server/netsaint
-netsaint: Auto-save of retention data completed successfully\.$
netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
+netsaint: Auto-save of retention data completed successfully\.$
+netsaint: Caught SIGTERM, shutting down\.\.\. $
+netsaint: Entering active mode\.\.\. $
+netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
### ignore.d.server/nfs-kernel-server
mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
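Review bot: Ignoring `netsaint: Caught SIGTERM, shutting down` here, and `Successfully shutdown` in the violations.ignore.d hunks, means an unexpected stop of the monitoring daemon no longer shows up in the logcheck report. If the intent is only to quiet planned restarts, consider leaving the SIGTERM line reported and ignoring just `Entering active mode` and the `starting` banner. Otherwise record the trade-off with a comment above the rules, e.g. `# restart noise; daemon availability is watched elsewhere`. The same lines are added in ignore.d.server/netsaint and ignore.d.workstation/local.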
@@ -237,7 +240,7 @@ chat\[[0-9]+\]: CONNECT$
chat\[[0-9]+\]: OK$
chat\[[0-9]+\]: send \(\\d\)$
### ignore.d.server/proftpd
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\.$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+$
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+'$
@@ -297,9 +300,9 @@ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|p
# old-style pam entries (no longer provided by logcheck but needed on woody
PAM_.*: .* session (opened|closed) for user .*
## netatalk
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
afpd\[[0-9]+\]: bad function 7A
atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
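Review bot: The rewritten second rule, `uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory`, is now fully covered by the third alternative of the rule above it (`User entered a null value -- .*`), so it can be dropped. Both rules also lack a start anchor and a closing `$`, so they match anywhere in a line; anchoring them would be tighter, though that predates this commit. The same hunk appears in ignore.d.server/tmp and ignore.d.workstation/local.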
@@ -315,6 +318,7 @@ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$
kernel: lp[0-9]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
printer: offline or intervention needed
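Review bot: The added rule `kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$` suppresses every dropped packet whose source or destination port is 53, for any protocol. The source port is chosen by the sender, so drops that are not late DNS replies vanish from the report as well. If the goal is to silence late replies from resolvers, narrow it to that case, e.g. `kernel: Shorewall:net2all:DROP:.* PROTO=UDP SPT=53 .*$`, ideally also pinned to the resolver addresses via `SRC=`. Inbound `DPT=53` drops indicate traffic to a service that is not offered and are probably worth keeping visible. The identical line is added in the ignore.d.server/tmp and ignore.d.workstation/local hunks.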
@@ -378,7 +382,7 @@ amavis\[[0-9]+\]: warning - MIME::Parser error: .*
ucd-snmp\[[0-9]+\]: Connection from .*
### ignore.d.server/uw-imap.changes
i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)$
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) nmsgs=[0-9]+/[0-9]+$
i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
imapd\[[0-9]+\]: (port (143|220)|imap|imaps SSL) service init from
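Review bot: The ` nmsgs=[0-9]+/[0-9]+` suffix is now mandatory on the Login/Auth/Authenticated/Logout/Autologout rule, so any of those events logged without it (the form the removed rule matched) will be reported again. Ending the rule with `( nmsgs=[0-9]+/[0-9]+)?$` instead keeps both formats ignored. Separately, `user=.*` is greedy and the rule has no start anchor; `user=[^[:space:]]+` would be tighter, although that predates this change. Copies of this hunk are in ignore.d.server/uw-imap.changes and ignore.d.workstation/local.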
diff --git a/logcheck/ignore.d.server/nagios b/logcheck/ignore.d.server/nagios
index 9d85d89..2ab0696 100644
--- a/logcheck/ignore.d.server/nagios
+++ b/logcheck/ignore.d.server/nagios
@@ -1,2 +1,2 @@
-nagios: Auto-save of retention data completed successfully\.$
+nagios: Auto-save of retention data completed successfully\. $
nagios: LOG ROTATION: DAILY$
diff --git a/logcheck/ignore.d.server/netsaint b/logcheck/ignore.d.server/netsaint
index 8167301..879351c 100644
--- a/logcheck/ignore.d.server/netsaint
+++ b/logcheck/ignore.d.server/netsaint
@@ -1,2 +1,5 @@
-netsaint: Auto-save of retention data completed successfully\.$
netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
+netsaint: Auto-save of retention data completed successfully\.$
+netsaint: Caught SIGTERM, shutting down\.\.\. $
+netsaint: Entering active mode\.\.\. $
+netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd
index a2a4cce..78a3df4 100644
--- a/logcheck/ignore.d.server/proftpd
+++ b/logcheck/ignore.d.server/proftpd
@@ -1,4 +1,4 @@
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\.$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+$
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+'$
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index b274fe9..d0537c1 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -5,9 +5,9 @@ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|p
# old-style pam entries (no longer provided by logcheck but needed on woody
PAM_.*: .* session (opened|closed) for user .*
## netatalk
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
afpd\[[0-9]+\]: bad function 7A
atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
@@ -23,6 +23,7 @@ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$
kernel: lp[0-9]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
printer: offline or intervention needed
diff --git a/logcheck/ignore.d.server/uw-imap.changes b/logcheck/ignore.d.server/uw-imap.changes
index fbdd563..6fdbd1d 100644
--- a/logcheck/ignore.d.server/uw-imap.changes
+++ b/logcheck/ignore.d.server/uw-imap.changes
@@ -1,5 +1,5 @@
i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)$
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) nmsgs=[0-9]+/[0-9]+$
i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
imapd\[[0-9]+\]: (port (143|220)|imap|imaps SSL) service init from
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index a89d585..8b15ef8 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -10,7 +10,7 @@ amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:spa
amavis\[[0-9]+\]: spam_scan: whitelisted sender <[^[:space:]]+>, spam check skipped$
### ignore.d.server/anacron
anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?$
-anacron\[[0-9]+\]: Normal exit$
+anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)$
anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+$
anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.$
anacron\[[0-9]+\]: Jobs will be executed sequentially$
@@ -110,9 +110,9 @@ Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING
Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*$
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?$
FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
-FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+" ""$
+FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
@@ -148,7 +148,7 @@ murasaki\.(usb|net)\[[0-9]+\]: Execuing "net" "(stop|start)"$
murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]$
murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+$
### ignore.d.server/nagios
-nagios: Auto-save of retention data completed successfully\.$
+nagios: Auto-save of retention data completed successfully\. $
nagios: LOG ROTATION: DAILY$
### ignore.d.server/netatalk.changes
afpd\[[0-9]+\]: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$
@@ -178,8 +178,11 @@ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [
papd\[[0-9]+\]: child [0-9]+ done$
papd\[[0-9]+\]: child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
### ignore.d.server/netsaint
-netsaint: Auto-save of retention data completed successfully\.$
netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
+netsaint: Auto-save of retention data completed successfully\.$
+netsaint: Caught SIGTERM, shutting down\.\.\. $
+netsaint: Entering active mode\.\.\. $
+netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
### ignore.d.server/nfs-kernel-server
mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
@@ -237,7 +240,7 @@ chat\[[0-9]+\]: CONNECT$
chat\[[0-9]+\]: OK$
chat\[[0-9]+\]: send \(\\d\)$
### ignore.d.server/proftpd
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\.$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+$
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+'$
@@ -297,9 +300,9 @@ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|p
# old-style pam entries (no longer provided by logcheck but needed on woody
PAM_.*: .* session (opened|closed) for user .*
## netatalk
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
afpd\[[0-9]+\]: bad function 7A
atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
@@ -315,6 +318,7 @@ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$
kernel: lp[0-9]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
printer: offline or intervention needed
@@ -378,7 +382,7 @@ amavis\[[0-9]+\]: warning - MIME::Parser error: .*
ucd-snmp\[[0-9]+\]: Connection from .*
### ignore.d.server/uw-imap.changes
i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)$
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) nmsgs=[0-9]+/[0-9]+$
i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
imapd\[[0-9]+\]: (port (143|220)|imap|imaps SSL) service init from
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index c5de5da..621ae62 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -32,6 +32,7 @@ netsaint: SERVICE NOTIFICATION:.*;CRITICAL;notify-by-.*;Connection refused by ho
netsaint: SERVICE ALERT: mail;SMTP;OK;.* OK - 0 second response time
netsaint: HOST ALERT:.*;DOWN;SOFT;.*;CRITICAL.*
netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
+netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $
### violations.ignore.d/pmud
pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$
### violations.ignore.d/postfix
diff --git a/logcheck/violations.ignore.d/netsaint b/logcheck/violations.ignore.d/netsaint
index d8f83b2..0bc9d58 100644
--- a/logcheck/violations.ignore.d/netsaint
+++ b/logcheck/violations.ignore.d/netsaint
@@ -8,3 +8,4 @@ netsaint: SERVICE NOTIFICATION:.*;CRITICAL;notify-by-.*;Connection refused by ho
netsaint: SERVICE ALERT: mail;SMTP;OK;.* OK - 0 second response time
netsaint: HOST ALERT:.*;DOWN;SOFT;.*;CRITICAL.*
netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
+netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $