-rw-r--r-- | logcheck/ignore.d.server/hotplug | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.server/libgpmg1 | 1 | ||||
-rw-r--r-- | logcheck/ignore.d.server/local | 15 | ||||
-rw-r--r-- | logcheck/ignore.d.server/postfix | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.server/ppp | 9 | ||||
-rw-r--r-- | logcheck/ignore.d.server/proftpd | 6 | ||||
-rw-r--r-- | logcheck/ignore.d.server/ssh | 5 | ||||
-rw-r--r-- | logcheck/ignore.d.server/tmp | 3 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/anacron | 7 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/dhcp-client | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/hotplug | 5 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/postfix | 2 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/ssh | 1 |
13 files changed, 44 insertions, 16 deletions
diff --git a/logcheck/ignore.d.server/hotplug b/logcheck/ignore.d.server/hotplug new file mode 100644 index 0000000..1c07779 --- /dev/null +++ b/logcheck/ignore.d.server/hotplug @@ -0,0 +1,2 @@ +/etc/hotplug/net.agent: invoke if(up|down) ppp[[:digit:]] +/etc/hotplug/net.agent: assuming ppp[[:digit:]] is already up diff --git a/logcheck/ignore.d.server/libgpmg1 b/logcheck/ignore.d.server/libgpmg1 new file mode 100644 index 0000000..52650d1 --- /dev/null +++ b/logcheck/ignore.d.server/libgpmg1 @@ -0,0 +1 @@ +[[:alnum:]]: /dev/gpmctl: No such file or directory diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index 40a3c41..afa7ead 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -11,9 +11,9 @@ dhcpd: DHCPNACK on .* to .* via dhcpd: DHCPACK on .* to .* via dhcpd: DHCPDISCOVER from .* via dhcpd: DHCPOFFER on .* to .* via -Fax(Getty|Send)\[.*\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING| ANSWERING| RECEIVING)+ +Fax(Getty|Send)\[.*\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING| ANSWERING| RECEIVING| MODEMWAIT)+ Fax(Getty|Send)\[.*\]: MODEM (ROCKWELL|ZYXEL) .* -FaxGetty\[.*\]: RECV FAX \([[:digit:]]+\): from .*, page .* in [[:digit:]]+:[[:digit:]]+, INF, .* line/mm, 1-D MR(, [[:digit:]]+ bit/s)? +FaxGetty\[.*\]: RECV FAX \([[:digit:]]+\): from .*, page .* in [[:digit:]]+:[[:digit:]]+, INF, .* line/mm, (1|2)-D MR(, [[:digit:]]+ bit/s)? FaxGetty\[.*\]: RECV FAX \([[:digit:]]+\): recvq/fax[[:digit:]]+\.tif from .*, route to .*, [[:digit:]]+ pages in [[:digit:]]+:[[:digit:]]+ FaxGetty\[.*\]: RECV FAX: bin/faxrcvd "recvq/fax[[:digit:]]+\.tif" "ttyS[012]" "[[:digit:]]+" "" FaxGetty\[.*\]: ANSWER: Ring detected without successful handshake 
@@ -31,8 +31,8 @@ imapd\[.*\]: No route to host, while reading line user=.* host=.* i(map|pop3)d\[.*\]: Killed \(lost mailbox lock\) user=.* host=.* i(map|pop3)d\[.*\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=.* i(map|pop3)d\[.*\]: Moved [[:digit:]]+ bytes of new mail to .* from .* host=.* -i(map|pop[2|3])d\[.*\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while reading (line|char) user=.* host=.* -ipop[2|3]d\[.*\]: (connect|pop3 service init) from +i(map|pop[2|3])d\[.*\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|char)|writing text) user=[[:alnum:]] host=.* +ipop[2|3]d\[.*\]: (connect|pop3(s SSL)? service init) from [\.[:digit]]+ ipop3d\[.*\]: Trying to get mailbox lock from process [[:digit:]]+ ipop3d\[.*\]: Error opening or locking INBOX user=.* host=.* ipop3d\[.*\]: Expunge ignored on readonly mailbox @@ -56,13 +56,10 @@ pop-before-smtp\[.*\]: (opening|closing) relay for [\.[:digit:]]+( --- not in my smbd\[.*\]: read_socket_data: recv failure for 4\. Error = Connection reset by peer smbd\[.*\]: \[.*\] lib/util_sock.c:read_socket_data\([[:digit:]]+\) squid\[.*\]: Finished. Wrote [[:digit:]]+ entries\. -squid\[.*\]: Took [[:digit:]]+ seconds \(.* entries/sec\)\. +squid\[.*\]: Took [\.[:digit:]]+ seconds \(.* entries/sec\)\. squid\[.*\]: (access|store)LogRotate: Rotating(\.)? +squid\[.*\]: LogfileRotate: /var/log/squid/(access|store).log squid\[.*\]: (Closing Pinger socket|Pinger socket opened) on FD [[:digit:]]+ squid\[.*\]: NETDB state saved; squid\[.*\]: storeDirWriteCleanLogs: Starting\.\.\. -sshd.*: syslogin_perform_logout: logout\(\) returned an error -sshd.*: Could not reverse map address .*\. -sshd.*: Connection closed by .* -sshd.*: Did not receive ident string from [\.[:digit:]]+ su\[.*\]: \+ pts/[[:digit:]]+ .*-root 
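Review bot: Two of the tightened patterns in the `@@ -31,8 +31,8 @@` hunk of ignore.d.server/local will not match what they are meant to. In the new `ipop[2|3]d` rule the class is written `[\.[:digit]]+`, missing the closing colon, so depending on the regex library it either fails to compile or is read as a plain character set followed by a literal `]`; it should be `[\.[:digit:]]+`. In the new `i(map|pop[2|3])d` rule, `user=[[:alnum:]] host=.*` has no quantifier and therefore only matches one-character user names; `user=[[:alnum:]]+ host=.*` looks like the intent. Both mistakes fail in the noisy direction (the lines get reported again), so they are easy to miss until the reports fill up.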
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index d960c37..c435472 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix @@ -8,3 +8,5 @@ postfix/smtp\[.*\]: warning: host [\.[:alnum:]-]+\[[\.[:digit:]]+\] (greeted me| postfix/smtpd\[.*\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.[:digit:]]+\] postfix/smtpd\[.*\]: warning: .*: address not listed for hostname .* postfix/smtpd\[.*\]: warning: .*: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found) +postfix/postfix-script: refreshing the Postfix mail system +postfix/master\[.*\]: reload configuration diff --git a/logcheck/ignore.d.server/ppp b/logcheck/ignore.d.server/ppp new file mode 100644 index 0000000..595b755 --- /dev/null +++ b/logcheck/ignore.d.server/ppp @@ -0,0 +1,9 @@ +chat\[.*\]: abort on \(.*\) +chat\[.*\]: expect \(.*\) +chat\[.*\]: send \(AT.*\^M\) +chat\[.*\]: -- got it +chat\[.*\]: AT.*\^M\^M +chat\[.*\]: \^M +chat\[.*\]: CONNECT +chat\[.*\]: OK +chat\[.*\]: send \(\\d\) diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd index 10e8f74..4f81df2 100644 --- a/logcheck/ignore.d.server/proftpd +++ b/logcheck/ignore.d.server/proftpd @@ -1,4 +1,6 @@ -proftpd\[.*\]: .* \(.*\) - FTP session opened\. -proftpd\[.*\]: .* \(.*\) - USER (anonymous|ftp) \(Login failed\): Can't find user\. +proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - FTP session opened\. +proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp) \(Login failed\): Can't find user\. +proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp): no such user found from .*\[[\.[:digit:]]+\] to [\.[:digit:]]+ +proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - no such user '(anonymous|ftp)' proftpd\[.*\]: connect from [\.[:digit:]]+ proftpd\[.*\]: No certificate files found! diff --git a/logcheck/ignore.d.server/ssh b/logcheck/ignore.d.server/ssh new file mode 100644 index 0000000..9644308 
--- /dev/null +++ b/logcheck/ignore.d.server/ssh @@ -0,0 +1,5 @@ +sshd.*: syslogin_perform_logout: logout\(\) returned an error +sshd.*: Could not reverse map address .*\. +sshd.*: Connection closed by .* +sshd.*: Did not receive ident string from [\.[:digit:]]+ +sshd\[.*\]: Failed keyboard-interactive for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2 diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp index 9297f66..d251510 100644 --- a/logcheck/ignore.d.server/tmp +++ b/logcheck/ignore.d.server/tmp @@ -2,6 +2,8 @@ IMP\[.*\]: FAILED .* to .*:143 as .* PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*) afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- Invalid argument +afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory +afpd\[.*\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied atalkd\[.*\]: as_timer sendto: Netvaerket er ikke tilgaengeligt FaxGetty\[.*\]: ANSWER: Can not lock modem device gnome-name-server\[.*\]: server_is_alive: .* @@ -27,3 +29,4 @@ smbd[14793]: read_socket_data: recv failure for 4. Error = No route to host smbd\[.*\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! smbd\[.*\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\) sshd\[.*]: Failed password for .* +sshd\[.*\]: packet_set_maxsize: setting to 4096 diff --git a/logcheck/ignore.d.workstation/anacron b/logcheck/ignore.d.workstation/anacron new file mode 100644 index 0000000..49b595b --- /dev/null +++ b/logcheck/ignore.d.workstation/anacron 
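Review bot: The new `Failed keyboard-interactive` rule is added to ignore.d.server/ssh here and again in violations.ignore.d/ssh, so together they remove failed SSH logins from every logcheck report, and repeated password guessing against the host would no longer show up in the mail. I would leave the line out of violations.ignore.d/ssh unless another control (rate limiting or a separate alert on sshd failures) is known to cover this. The rules in this file are also unanchored and start with `sshd.*:`, so any log line that merely contains the text, including text a remote peer can influence, is suppressed. Anchoring on the syslog prefix is safer, for example `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection closed by [.[:digit:]]+$`.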
@@ -0,0 +1,7 @@ +anacron\[.*\]: Job `cron.daily' terminated( \(exit status: 1\))? \(mailing output\) +anacron\[.*\]: Normal exit \(1 jobs run\) +anacron\[.*\]: Anacron 2.3 started on [[:digit:]-]+ +anacron\[.*\]: Will run job `cron.daily' in 5 min\. +anacron\[.*\]: Jobs will be executed sequentially +anacron\[.*\]: Job `cron.daily' started +anacron\[.*\]: Updated timestamp for job `cron.daily' to [[:digit:]-]+ diff --git a/logcheck/ignore.d.workstation/dhcp-client b/logcheck/ignore.d.workstation/dhcp-client index f3b66df..ce74045 100644 --- a/logcheck/ignore.d.workstation/dhcp-client +++ b/logcheck/ignore.d.workstation/dhcp-client @@ -5,4 +5,4 @@ dhclient-2.2.x: No DHCPOFFERS received\. dhclient-2.2.x: DHCP(ACK|OFFER) from [\.[:digit:]]+ dhclient-2.2.x: bound to .* -- renewal in [[:digit:]]+ seconds\. dhclient-2.2.x: irda0: unknown hardware address type 783 -dhclient-2.2.x: receive_packet failed on eth0: Network is down +dhclient-2.2.x: receive_packet failed on eth[[:digit:]]: Network is down diff --git a/logcheck/ignore.d.workstation/hotplug b/logcheck/ignore.d.workstation/hotplug index beb4eeb..6f71f43 100644 --- a/logcheck/ignore.d.workstation/hotplug +++ b/logcheck/ignore.d.workstation/hotplug @@ -1,3 +1,2 @@ -/etc/hotplug/net.agent: invoke ifup .* -/etc/hotplug/net.agent: invoke if(up|down) .* -/etc/hotplug/net.agent: assuming .* is already up +/etc/hotplug/net.agent: invoke if(up|down) (eth|ppp)[[:digit:]] +/etc/hotplug/net.agent: assuming (eth|ppp)[[:digit:]] is already up diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index 49341a0..4929378 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix 
@@ -3,5 +3,5 @@ postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred postfix/smtp\[.*\]: .*: to=<.*>, relay=.*\[.*\], delay=[[:digit:]]+, status=deferred \(host .*\[.*\] said: 450 <.*>: Sender address rejected: Domain not found\) postfix/smtp\[.*\]: connect to .*\[.*\]: (Connection refused|server refused mail service) \(port 25\) postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 Service unavailable; .* blocked using .*; from=<.*> to=<.*> -postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 <.*>: Recipient address rejected: Relay access denied; from=<.*> to=<.*> +postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 <.*>: Recipient address rejected: (Relay )?access denied; from=<.*> to=<.*> postfix/smtpd\[.*\]: warning: .*: hostname .* verification failed: Host (name has no address|not found) diff --git a/logcheck/violations.ignore.d/ssh b/logcheck/violations.ignore.d/ssh new file mode 100644 index 0000000..68f8ca9 --- /dev/null +++ b/logcheck/violations.ignore.d/ssh @@ -0,0 +1 @@ +sshd\[.*\]: Failed keyboard-interactive for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2 |