diff options
| -rw-r--r-- | logcheck/ignore.d.server/amavis | 3 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/dhcp.changes | 13 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/dhcp3-common | 10 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/netatalk.changes | 4 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/postfix | 12 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/proftpd | 5 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/samba | 2 | ||||
| -rw-r--r-- | logcheck/ignore.d.workstation/misc | 2 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/amavis | 1 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/netatalk.changes | 4 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 1 |
11 files changed, 34 insertions, 23 deletions
diff --git a/logcheck/ignore.d.server/amavis b/logcheck/ignore.d.server/amavis index 8ec860d..d79389f 100644 --- a/logcheck/ignore.d.server/amavis +++ b/logcheck/ignore.d.server/amavis @@ -1,5 +1,6 @@ +amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*> amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)? amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT) amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+ -amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+> +amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*> diff --git a/logcheck/ignore.d.server/dhcp.changes b/logcheck/ignore.d.server/dhcp.changes index 69bc5f5..f545616 100644 --- a/logcheck/ignore.d.server/dhcp.changes +++ b/logcheck/ignore.d.server/dhcp.changes @@ -1,7 +1,10 @@ # NB: dhcp3 entries are in dhcp3-common -dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer -dhcpd-2.2.x: BOOTREQUEST from [:0-9a-f]+ -dhcpd-2.2.x: DHCP(ACK|NACK|OFFER) on [\.0-9]+ to [:0-9a-f]+ via eth[0-9]+ +dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) +dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ +dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ +dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ -dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-f]+ via eth[0-9]+ \((not )?found\) -dhcpd-2.2.x: DHCPREQUEST for .* from .* via eth[0-9]+ +dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ +dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ +dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) +dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ diff --git a/logcheck/ignore.d.server/dhcp3-common b/logcheck/ignore.d.server/dhcp3-common index 5360ef9..6f503a6 100644 --- a/logcheck/ignore.d.server/dhcp3-common +++ b/logcheck/ignore.d.server/dhcp3-common @@ -1,11 +1,11 @@ dhcpd: Abandoning IP address [\.0-9]+: pinged before offer -dhcpd: BOOTREQUEST from -dhcpd: DHCP(ACK|NACN|OFFER) on [\.0-9]+ to [:0-9a-f]+( \([^[:space:]]+\))? via eth[0-9]+ +dhcpd: BOOTREQUEST from [0-9a-f:]+ +dhcpd: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ dhcpd: DHCPACK to [\.0-9]+ -dhcpd: DHCPDISCOVER from [:0-9a-f]+ via eth[0-9]+ -dhcpd: DHCPINFORM from +dhcpd: DHCPDISCOVER from [0-9a-f:]+ via eth[0-9]+ +dhcpd: DHCPINFORM from [\.0-9]+ dhcpd: DHCPRELEASE of [\.0-9]+ -dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+( \([^[:space:]]+\))? via eth[0-9]+ +dhcpd: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ dhcpd: ICMP Echo reply while lease [\.0-9]+ valid. dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. dhcpd: accepting packet with data after udp payload. diff --git a/logcheck/ignore.d.server/netatalk.changes b/logcheck/ignore.d.server/netatalk.changes index 4a25f13..012d118 100644 --- a/logcheck/ignore.d.server/netatalk.changes +++ b/logcheck/ignore.d.server/netatalk.changes @@ -5,9 +5,9 @@ afpd\[[0-9]\]: (server_child\[[0-9]+\] [0-9]+ )?(done|exited 1) afpd\[[0-9]\]: ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\) afpd\[[0-9]\]: Connection terminated afpd\[[0-9]\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written +afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out afpd\[[0-9]\]: [^[:space:]]+: Broken pipe afpd\[[0-9]\]: [^[:space:]]+: Connection reset by peer -afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out afpd\[[0-9]\]: [^[:space:]]+: No route to host afpd\[[0-9]\]: [^[:space:]]+: No such file or directory afpd\[[0-9]\]: [^[:space:]]+: Permission denied @@ -20,7 +20,7 @@ afpd\[[0-9]\]: logout [[:alnum:]]+ afpd\[[0-9]\]: registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as /.+/net[\.0-9]+node[0-9]+ afpd\[[0-9]\]: session from [\.:0-9]+ on [\.:0-9]+ afpd\[[0-9]\]: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success) -afpd\[[0-9]\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.[:alnum:]-]+ +afpd\[[0-9]\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+ atalkd\[[0-9]+\]: [^[:space:]]+: zip gnireply from [\.0-9]+ \([^[:space:]]+\) atalkd\[[0-9]+\]: [^[:space:]]+: zip ignoring gnireply atalkd\[[0-9]\]: [^[:space:]]+: Network is unreachable diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index 234b372..18b63b7 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix @@ -4,15 +4,17 @@ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum: postfix/master\[[0-9]+\]: reload configuration postfix/postfix-script: refreshing the Postfix mail system postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.0-9]+\] +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\] postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\) postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\) postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+ -postfix/smtp\[[0-9]+\]: warning: host [\.[:alnum:]-]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+ +postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+ postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local -postfix/smtp\[[0-9]+\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record +postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: \\[0-9]+ +postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.0-9]+\] +postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): \\[0-9]+ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\] postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found) +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found) diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd index 678c6e4..cdbd41f 100644 --- a/logcheck/ignore.d.server/proftpd +++ b/logcheck/ignore.d.server/proftpd @@ -1,8 +1,7 @@ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP session opened\. proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\. -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+ -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?' +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' proftpd\[[0-9]+\]: connect from [\.0-9]+ proftpd\[[0-9]+\]: No certificate files found! proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. diff --git a/logcheck/ignore.d.server/samba b/logcheck/ignore.d.server/samba index 0907448..000daee 100644 --- a/logcheck/ignore.d.server/samba +++ b/logcheck/ignore.d.server/samba @@ -1,2 +1,2 @@ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer) -smbd\[[0-9]+\]: \[[/0-9]+ [:0-9]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\) +smbd\[[0-9]+\]: \[[/0-9]+ [0-9:]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\) diff --git a/logcheck/ignore.d.workstation/misc b/logcheck/ignore.d.workstation/misc index 3c6b9d9..366f214 100644 --- a/logcheck/ignore.d.workstation/misc +++ b/logcheck/ignore.d.workstation/misc @@ -1,4 +1,4 @@ # Linux Thin clients -syslogd started: BusyBox v[\.0-9]+ \([:space:]]2\) +syslogd started: BusyBox v[\.0-9]+ \([^[:space:]]+\) init: Entering runlevel: 2 rpc.mountd: authenticated mount request from 192\.168\..* for /home/opt/ltsp/i386 \(/home/opt/ltsp/i386\) diff --git a/logcheck/violations.ignore.d/amavis b/logcheck/violations.ignore.d/amavis new file mode 100644 index 0000000..fb4661c --- /dev/null +++ b/logcheck/violations.ignore.d/amavis @@ -0,0 +1 @@ +amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*> diff --git a/logcheck/violations.ignore.d/netatalk.changes b/logcheck/violations.ignore.d/netatalk.changes new file mode 100644 index 0000000..0e26c15 --- /dev/null +++ b/logcheck/violations.ignore.d/netatalk.changes @@ -0,0 +1,4 @@ +afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out +afpd\[[0-9]+\]: afp_getsrvrparms: stat /.+/: Permission denied +afpd\[[0-9]+\]: dsi_stream_read\([[:digit:]]+\): Permission denied +afpd\[[0-9]+\]: getforkparms: (ad_refresh|of_find): Permission denied diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index 07fffa5..c5896f3 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -5,6 +5,7 @@ postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\) postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+)\) postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\) +postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 554 <[^[:space:]]+>:( Recipient address rejected:)? Relay access denied\) postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\) postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\) postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\) |