-rw-r--r-- | logcheck/ignore.d.server/dhcp.changes | 18 | ||||
-rw-r--r-- | logcheck/ignore.d.server/local | 22 | ||||
-rw-r--r-- | logcheck/ignore.d.server/squid | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/local | 22 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/local | 4 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/postfix | 4 |
6 files changed, 36 insertions, 36 deletions
diff --git a/logcheck/ignore.d.server/dhcp.changes b/logcheck/ignore.d.server/dhcp.changes
index 41dd58b..35c0615 100644
--- a/logcheck/ignore.d.server/dhcp.changes
+++ b/logcheck/ignore.d.server/dhcp.changes
@@ -1,10 +1,10 @@
 # NB: dhcp3 entries are in dhcp3-common
-dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)$
-dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+$
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+$
-dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+$
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+$
-dhcpd-2.2.x: DHCPINFORM from [\.0-9]+$
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+$
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)$
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+$
+dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) $
+dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ $
+dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ $
+dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ $
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ $
+dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ $
+dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ $
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) $
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ $
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 387742c..4ea1ef7 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
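Review bot: As shown, every rewritten dhcpd-2.2.x rule in the dhcp.changes hunk now ends in ` $`, so it matches only messages that carry a trailing space; the same message logged without one is no longer ignored and will show up in reports again. If both forms occur, make the space optional, e.g. `dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ ?$`. This page may have collapsed whitespace, so confirm which literal characters precede `$` in the committed file. The identical edit is repeated in the ignore.d.server/local and ignore.d.workstation/local copies and in both squid `urlParse` rules.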
@@ -31,7 +31,7 @@ named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (A|CNAME|SOA|PTR|MX|TXT|AAAA|38|IXFR|AXFR
 named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAXFR|RLame|ROpts|SSysQ|SAns|SFwdQ|SDupQ|SErr|RQ|RIQ|RFwdQ|RDupQ|RTCP|SFwdR|SFail|SFErr|SNaAns|SNXD|RUQ|RURQ|RUXFR|RUUpd)=[0-9]+)*$
 named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$
 named\[[0-9]+\]: Received NOTIFY answer
-named\[[0-9]+\]: (master|slave) zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
+named\[[0-9]+\]: (master |slave )?zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
 named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\) learnt \([^[:space:]]+\))$
 named\[[0-9]+\]: client [\.0-9.]+#[0-9]+: transfer of '[^[:space:]]+/IN': AXFR(-style IXFR)? started$
 named\[[0-9]+\]: zone [^[:space:]]+: transfered serial [0-9]+$
@@ -73,15 +73,15 @@ dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.$
 dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
 ### ignore.d.server/dhcp.changes
 # NB: dhcp3 entries are in dhcp3-common
-dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)$
-dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+$
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+$
-dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+$
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+$
-dhcpd-2.2.x: DHCPINFORM from [\.0-9]+$
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+$
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)$
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+$
+dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) $
+dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ $
+dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ $
+dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ $
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ $
+dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ $
+dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ $
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) $
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ $
 ### ignore.d.server/dhcp3-common
 dhcpd: Abandoning IP address [\.0-9]+: pinged before offer$
 dhcpd: BOOTREQUEST from [0-9a-f:]+$
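Review bot: The nine dhcpd-2.2.x rules changed in this hunk sit under the `### ignore.d.server/dhcp.changes` marker and repeat the dhcp.changes hunk line for line, and the ignore.d.workstation/local hunk repeats them a third time. If local is assembled from the per-package files, regenerate it rather than editing each copy by hand; if it is hand-maintained, a header comment such as `# copied from ignore.d.server/dhcp.changes, keep in sync` would make that explicit. Copies that drift leave server and workstation hosts suppressing different messages, which is hard to spot from the reports alone.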
@@ -275,7 +275,7 @@ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ '.*' processes
 squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log$
 squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer$
 squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\.$
-squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+'$
+squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+' $
 ### ignore.d.server/ssh
 sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error$
 sshd\[[0-9]+\]: Could not reverse map address .*\.
diff --git a/logcheck/ignore.d.server/squid b/logcheck/ignore.d.server/squid
index e04fe1e..b7c2ca7 100644
--- a/logcheck/ignore.d.server/squid
+++ b/logcheck/ignore.d.server/squid
@@ -7,4 +7,4 @@ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ '.*' processes
 squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log$
 squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer$
 squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\.$
-squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+'$
+squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+' $
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index cc74598..adea955 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -31,7 +31,7 @@ named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (A|CNAME|SOA|PTR|MX|TXT|AAAA|38|IXFR|AXFR
 named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAXFR|RLame|ROpts|SSysQ|SAns|SFwdQ|SDupQ|SErr|RQ|RIQ|RFwdQ|RDupQ|RTCP|SFwdR|SFail|SFErr|SNaAns|SNXD|RUQ|RURQ|RUXFR|RUUpd)=[0-9]+)*$
 named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$
 named\[[0-9]+\]: Received NOTIFY answer
-named\[[0-9]+\]: (master|slave) zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
+named\[[0-9]+\]: (master |slave )?zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
 named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\) learnt \([^[:space:]]+\))$
 named\[[0-9]+\]: client [\.0-9.]+#[0-9]+: transfer of '[^[:space:]]+/IN': AXFR(-style IXFR)? started$
 named\[[0-9]+\]: zone [^[:space:]]+: transfered serial [0-9]+$
@@ -73,15 +73,15 @@ dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.$
 dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
 ### ignore.d.server/dhcp.changes
 # NB: dhcp3 entries are in dhcp3-common
-dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)$
-dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+$
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+$
-dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+$
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+$
-dhcpd-2.2.x: DHCPINFORM from [\.0-9]+$
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+$
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)$
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+$
+dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) $
+dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+ $
+dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+ $
+dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ $
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+ $
+dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ $
+dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ $
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\) $
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ $
 ### ignore.d.server/dhcp3-common
 dhcpd: Abandoning IP address [\.0-9]+: pinged before offer$
 dhcpd: BOOTREQUEST from [0-9a-f:]+$
@@ -275,7 +275,7 @@ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ '.*' processes
 squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log$
 squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer$
 squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\.$
-squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+'$
+squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+' $
 ### ignore.d.server/ssh
 sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error$
 sshd\[[0-9]+\]: Could not reverse map address .*\.
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 31b000d..043c1f6 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -50,8 +50,8 @@ postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 450 <[^[:s
 postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]>]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
-postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: Sender address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
-postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^[:space:]>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 8388e47..26da96d 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
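Review bot: The two rewritten `postfix/smtpd` rules begin at the daemon tag with no `^` anchor, and they live in violations.ignore.d, so any log line that merely contains matching text is dropped from the violations report, whichever service wrote it. Several of the matched fields (client name, `from=<…>`, `to=<…>`) are filled in from what the remote side sends, which makes a loose match more of a concern here than in ignore.d. Prefixing the usual logcheck syslog header, e.g. `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: RCPT from …`, ties each rule to real smtpd lines. The surrounding context rules appear to be unanchored as well, and the same two-line edit is repeated in violations.ignore.d/postfix.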
@@ -12,8 +12,8 @@ postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 450 <[^[:s
 postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]>]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
-postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: Sender address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
-postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^[:space:]>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^[:space:]>]+>: (Helo command|Recipient address) rejected: need fully-qualified address; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^[:space:]>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^[:space:]>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$
|