diff options
| -rw-r--r-- | logcheck/ignore.d.server/local | 2 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/postfix | 2 | ||||
| -rw-r--r-- | logcheck/ignore.d.workstation/local | 2 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/amavis | 3 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/local | 8 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 5 |
6 files changed, 13 insertions, 9 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index 03090a2..7999146 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -221,10 +221,10 @@ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A reco postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ -postfix/smtpd\[[0-9]+\]: warning: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$ ### ignore.d.server/postgresql postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.$ postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.$ diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index aa5728b..5601818 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix @@ -13,7 +13,7 @@ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A reco postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ -postfix/smtpd\[[0-9]+\]: warning: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$ diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local index f6875e9..248de07 100644 --- a/logcheck/ignore.d.workstation/local +++ b/logcheck/ignore.d.workstation/local @@ -221,10 +221,10 @@ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A reco postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ -postfix/smtpd\[[0-9]+\]: warning: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in MAIL command: <[^[:space:]>]+>$ ### ignore.d.server/postgresql postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.$ postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.$ diff --git a/logcheck/violations.ignore.d/amavis b/logcheck/violations.ignore.d/amavis index 5dfdc18..ba87dbc 100644 --- a/logcheck/violations.ignore.d/amavis +++ b/logcheck/violations.ignore.d/amavis @@ -1,6 +1,7 @@ amavis\[[0-9]+\]: Checking: <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$ -amavis\[[0-9]+\]: SMTP-in \[[\.0-9]+\] /var/lib/amavis/amavis[0-9-]+: <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$ +amavis\[[0-9]+\]: SMTP-in \[[\.0-9]+\] /var/lib/amavis/amavis-[^[:space:]:-]+: <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$ amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>$ +amavis\[[0-9]+\]: fwd via smtp: \[[\.0-9]+:10025\] <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+$ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?$ amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+$ diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 09ffae8..1f57dfb 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -1,7 +1,8 @@ ### violations.ignore.d/amavis amavis\[[0-9]+\]: Checking: <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$ -amavis\[[0-9]+\]: SMTP-in \[[\.0-9]+\] /var/lib/amavis/amavis[0-9-]+: <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$ +amavis\[[0-9]+\]: SMTP-in \[[\.0-9]+\] /var/lib/amavis/amavis-[^[:space:]:-]+: <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$ amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>$ +amavis\[[0-9]+\]: fwd via smtp: \[[\.0-9]+:10025\] <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+$ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?$ amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+$ @@ -36,6 +37,7 @@ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $ ### violations.ignore.d/pmud pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$ ### violations.ignore.d/postfix +postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]>]+ verification failed: Host not found, try again$ postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\) postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ @@ -52,12 +54,12 @@ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]>]+>, relay=127\.0\.0\.1\[127\ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^[:space:]>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ ### violations.ignore.d/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ ### violations.ignore.d/samba diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index 4e85d53..e5f3e8e 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -1,3 +1,4 @@ +postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]>]+ verification failed: Host not found, try again$ postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\) postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ @@ -14,9 +15,9 @@ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]>]+>, relay=127\.0\.0\.1\[127\ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^[:space:]>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ |