-rw-r--r-- | logcheck/ignore.d.server/bind.changes | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.server/local | 12 | ||||
-rw-r--r-- | logcheck/ignore.d.server/postfix | 8 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/local | 12 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/local | 1 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/postfix | 1 |
6 files changed, 16 insertions, 20 deletions
diff --git a/logcheck/ignore.d.server/bind.changes b/logcheck/ignore.d.server/bind.changes
index 9f90498..4113949 100644
--- a/logcheck/ignore.d.server/bind.changes
+++ b/logcheck/ignore.d.server/bind.changes
@@ -13,7 +13,7 @@ named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAX
 named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$
 named\[[0-9]+\]: Received NOTIFY answer
 named\[[0-9]+\]: (master |slave )?zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
-named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\) learnt \([^[:space:]]+\))$
+named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\))( learnt \([^[:space:]]+\))?$
 named\[[0-9]+\]: client [\.0-9.]+#[0-9]+: transfer of '[^[:space:]]+/IN': AXFR(-style IXFR)? started$
 named\[[0-9]+\]: zone [^[:space:]]+: transfered serial [0-9]+$
 named\[[0-9]+\]: transfer of '[^[:space:]]+' from [^[:space:]]+: end of transfer$
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 4ea1ef7..03090a2 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -32,7 +32,7 @@ named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAX
 named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$
 named\[[0-9]+\]: Received NOTIFY answer
 named\[[0-9]+\]: (master |slave )?zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
-named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\) learnt \([^[:space:]]+\))$
+named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\))( learnt \([^[:space:]]+\))?$
 named\[[0-9]+\]: client [\.0-9.]+#[0-9]+: transfer of '[^[:space:]]+/IN': AXFR(-style IXFR)? started$
 named\[[0-9]+\]: zone [^[:space:]]+: transfered serial [0-9]+$
 named\[[0-9]+\]: transfer of '[^[:space:]]+' from [^[:space:]]+: end of transfer$
@@ -217,16 +217,14 @@ postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
-postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local$
-postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
-postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+$
-postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): [^[:space:]]+$
+postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
+postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command:
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$
-postfix/smtpd\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+$
+postfix/smtpd\[[0-9]+\]: warning: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$
 ### ignore.d.server/postgresql
 postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.$
 postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.$
@@ -319,7 +317,7 @@ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
-kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$
+kernel: Shorewall:net2all:DROP:.*$
 kernel: lp[0-9]: compatibility mode
 kernel: Undo( partial)? (Hoe|loss|retrans)
 printer: offline or intervention needed
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index 7c72f3f..aa5728b 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
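Review bot: The added smtpd rule in the @@ -217 hunk spells its prefix as `warning: warning: Illegal address syntax`, with the word doubled, while every neighbouring rule carries a single `warning: `. If smtpd logs this message like the others, the pattern never matches and the line suppresses nothing. In that case it should read `postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$`. The same line is added in ignore.d.server/postfix and ignore.d.workstation/local, so the correction applies there too.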
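Review bot: Widening the Shorewall rule in the @@ -319 hunk from `.* (SPT|DPT)=53 .*$` to `Shorewall:net2all:DROP:.*$` hides every net2all drop from the logcheck report, not only DNS traffic. Port scans and repeated probes against any service dropped by that chain will no longer reach whoever reads the mail. If the goal is noise reduction, keep the filter narrow by listing the noisy ports in the `(SPT|DPT)=` alternation, or confirm the drops are summarised by another report before ignoring them wholesale. At minimum, record the decision in a comment line above the rule, for example `# all net2all drops ignored on purpose; reviewed via <other report>`. The same change is made in ignore.d.workstation/local.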
@@ -9,13 +9,11 @@ postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
-postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local$
-postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
-postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+$
-postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): [^[:space:]]+$
+postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
+postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command:
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$
-postfix/smtpd\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+$
+postfix/smtpd\[[0-9]+\]: warning: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index adea955..f6875e9 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -32,7 +32,7 @@ named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAX
 named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$
 named\[[0-9]+\]: Received NOTIFY answer
 named\[[0-9]+\]: (master |slave )?zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
-named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\) learnt \([^[:space:]]+\))$
+named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\))( learnt \([^[:space:]]+\))?$
 named\[[0-9]+\]: client [\.0-9.]+#[0-9]+: transfer of '[^[:space:]]+/IN': AXFR(-style IXFR)? started$
 named\[[0-9]+\]: zone [^[:space:]]+: transfered serial [0-9]+$
 named\[[0-9]+\]: transfer of '[^[:space:]]+' from [^[:space:]]+: end of transfer$
@@ -217,16 +217,14 @@ postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
-postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local$
-postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
-postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+$
-postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): [^[:space:]]+$
+postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
+postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command:
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$
-postfix/smtpd\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+$
+postfix/smtpd\[[0-9]+\]: warning: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$
 ### ignore.d.server/postgresql
 postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.$
 postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.$
@@ -319,7 +317,7 @@ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
-kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$
+kernel: Shorewall:net2all:DROP:.*$
 kernel: lp[0-9]: compatibility mode
 kernel: Undo( partial)? (Hoe|loss|retrans)
 printer: offline or intervention needed
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 043c1f6..09ffae8 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -53,6 +53,7 @@ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refu
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^[:space:]>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 26da96d..4e85d53 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -15,6 +15,7 @@ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refu
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^[:space:]>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> |