diff options
| -rw-r--r-- | logcheck/ignore.d.server/local | 25 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/netatalk.changes | 18 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/postfix | 7 | ||||
| -rw-r--r-- | logcheck/ignore.d.workstation/local | 25 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/local | 5 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 5 |
6 files changed, 48 insertions, 37 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index cc062ca..d861656 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -150,15 +150,15 @@ murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[ nagios: Auto-save of retention data completed successfully\. $ nagios: LOG ROTATION: DAILY $ ### ignore.d.server/netatalk.changes -afpd\[[0-9]+\]: ([^[:space:]:]+: E:AFPDaemon: )?afp_alarm: child timed out$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?Connection terminated$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ +afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ afpd\[[0-9]+\]: (atp_rresp|afp_die: asp_shutdown): Connection timed out$ afpd\[[0-9]+\]: (registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ @@ -211,22 +211,25 @@ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum: postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ -postfix/smtp\[[0-9]+\]: Peer certficate could not be verified$ +postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$ postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ +postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ postfix/smtp\[[0-9]+\]: verify error:num=18:self signed certificate$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$ postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=[^,]+, issuer=[^,]+$ -postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: TLSv1 with cipher [^[:space:]]+ \([0-9/]+ bits\)$ +postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSLv3|TLSv1) with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ diff --git a/logcheck/ignore.d.server/netatalk.changes b/logcheck/ignore.d.server/netatalk.changes index 55622b5..ecbbae5 100644 --- a/logcheck/ignore.d.server/netatalk.changes +++ b/logcheck/ignore.d.server/netatalk.changes @@ -1,12 +1,12 @@ -afpd\[[0-9]+\]: ([^[:space:]:]+: E:AFPDaemon: )?afp_alarm: child timed out$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?Connection terminated$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ +afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ afpd\[[0-9]+\]: (atp_rresp|afp_die: asp_shutdown): Connection timed out$ afpd\[[0-9]+\]: (registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index 54eeb93..8015d24 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix @@ -4,22 +4,25 @@ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum: postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ -postfix/smtp\[[0-9]+\]: Peer certficate could not be verified$ +postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$ postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ +postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ postfix/smtp\[[0-9]+\]: verify error:num=18:self signed certificate$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$ postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=[^,]+, issuer=[^,]+$ -postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: TLSv1 with cipher [^[:space:]]+ \([0-9/]+ bits\)$ +postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSLv3|TLSv1) with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local index 9178eb1..5ce36d9 100644 --- a/logcheck/ignore.d.workstation/local +++ b/logcheck/ignore.d.workstation/local @@ -150,15 +150,15 @@ murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[ nagios: Auto-save of retention data completed successfully\. $ nagios: LOG ROTATION: DAILY $ ### ignore.d.server/netatalk.changes -afpd\[[0-9]+\]: ([^[:space:]:]+: E:AFPDaemon: )?afp_alarm: child timed out$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?Connection terminated$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]:]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ +afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ +afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ afpd\[[0-9]+\]: (atp_rresp|afp_die: asp_shutdown): Connection timed out$ afpd\[[0-9]+\]: (registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ @@ -211,22 +211,25 @@ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum: postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ -postfix/smtp\[[0-9]+\]: Peer certficate could not be verified$ +postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$ postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ +postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ postfix/smtp\[[0-9]+\]: verify error:num=18:self signed certificate$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$ postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=[^,]+, issuer=[^,]+$ -postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: TLSv1 with cipher [^[:space:]]+ \([0-9/]+ bits\)$ +postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSLv3|TLSv1) with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 137f6f9..81b39d0 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -57,7 +57,6 @@ postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Tr postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected: Invalid (ip address|name); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ @@ -66,11 +65,13 @@ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verif # These are only for postfix << 2.0: postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ # These are only for postfix >= 2.0: postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ ### violations.ignore.d/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ ### violations.ignore.d/samba diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index e29f91e..8cef0f1 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -18,7 +18,6 @@ postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Tr postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected: Invalid (ip address|name); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ @@ -27,8 +26,10 @@ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verif # These are only for postfix << 2.0: postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ # These are only for postfix >= 2.0: postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ |