-rw-r--r--logcheck/ignore.d.server/local21
-rw-r--r--logcheck/ignore.d.server/murasaki4
-rw-r--r--logcheck/ignore.d.server/samba2
-rw-r--r--logcheck/ignore.d.server/squid7
-rw-r--r--logcheck/ignore.d.server/ssh11
-rw-r--r--logcheck/ignore.d.server/ssmtp2
-rw-r--r--logcheck/ignore.d.server/tmp6
-rw-r--r--logcheck/ignore.d.server/uw-imap12
-rw-r--r--logcheck/violations.ignore.d/local1
-rw-r--r--logcheck/violations.ignore.d/proftpd1
-rw-r--r--logcheck/violations.ignore.d/temp5
11 files changed, 38 insertions, 34 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 54eacc5..7edddec 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -26,18 +26,6 @@ gnu-imap4d\[.*\]: User '[[:alnum:]]+' logged in
gnu-imap4d\[.*\]: Session timed out for user: [[:alnum:]]+
gnu-imap4d\[.*\]: got signal Alarm clock
HylaFAX\[.*\]: Filesystem has SysV-style file creation semantics.
-imapd\[.*\]: (port 143|imap|imaps SSL) service init from
-imapd\[.*\]: No route to host, while reading line user=.* host=.*\[[\.[:digit:]]+\]
-i(map|pop3)d\[.*\]: Killed \(lost mailbox lock\) user=.* host=.*\[[\.[:digit:]]+\]
-i(map|pop3)d\[.*\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=.*\[[\.[:digit:]]+\]
-i(map|pop3)d\[.*\]: Moved [[:digit:]]+ bytes of new mail to .* from .* host=.*\[[\.[:digit:]]+\]
-i(map|pop(2|3))d\[.*\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|char)|writing text) user=[\?[:alnum:]]+ host=.*\[[\.[:digit:]]+\]
-ipop[2|3]d\[.*\]: (connect|pop3(s SSL)? service init) from [\.[:digit:]]+
-ipop3d\[.*\]: Trying to get mailbox lock from process [[:digit:]]+
-ipop3d\[.*\]: Error opening or locking INBOX user=.* host=.*\[[\.[:digit:]]+\]
-ipop3d\[.*\]: Expunge ignored on readonly mailbox
-ipop3d\[.*\]: Mailbox is open by another process, access is readonly
-ipop3d\[.*\]: Moved .* bytes of new mail to .* from .* host=.*\[[\.[:digit:]]+\]
ircd\[.*\]: ircd exiting: autodie
ircd\[.*\]: Server Ready
(ircd\[.*\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
@@ -53,13 +41,4 @@ ntpd\[.*\]: precision = [[:digit:]]+ usec
ntpd\[.*\]: signal_no_reset: signal 13 had flags [[:digit:]]+
ntpd\[.*\]: using kernel phase-lock loop [[:digit:]]+
pop-before-smtp\[.*\]: (opening|closing) relay for [\.[:digit:]]+( --- not in mynetworks)?
-smbd\[.*\]: read_socket_data: recv failure for 4\. Error = Connection reset by peer
-smbd\[.*\]: \[.*\] lib/util_sock.c:read_socket_data\([[:digit:]]+\)
-squid\[.*\]: Finished. Wrote [[:digit:]]+ entries\.
-squid\[.*\]: Took [\.[:digit:]]+ seconds \(.* entries/sec\)\.
-squid\[.*\]: (access|store)LogRotate: Rotating(\.)?
-squid\[.*\]: logfileRotate: /var/log/squid/(access|store).log
-squid\[.*\]: (Closing Pinger socket|Pinger socket opened) on FD [[:digit:]]+
-squid\[.*\]: NETDB state saved;
-squid\[.*\]: storeDirWriteCleanLogs: Starting\.\.\.
su\[.*\]: \+ pts/[[:digit:]]+ .*-root
diff --git a/logcheck/ignore.d.server/murasaki b/logcheck/ignore.d.server/murasaki
index 76e805d..cd1ea90 100644
--- a/logcheck/ignore.d.server/murasaki
+++ b/logcheck/ignore.d.server/murasaki
@@ -1,4 +1,4 @@
murasaki\.usb\[.*\]: found depended module="[[:alnum:]]+"
-murasaki\.(usb|net)\[.*\]: device is (added|removed|(un)?registered)
-murasaki\.(usb|net)\[.*\]: execute ifup (eth|(i)?ppp|irda)[[:digit:]]
+murasaki\.(usb|net)\[.*\]: device is (added|removed|(un)?register(e)?d)
+murasaki\.(usb|net)\[.*\]: execute if(up|down) (eth|(i)?ppp|irda)[[:digit:]]
murasaki\.usb\[.*\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+
diff --git a/logcheck/ignore.d.server/samba b/logcheck/ignore.d.server/samba
new file mode 100644
index 0000000..367fce4
--- /dev/null
+++ b/logcheck/ignore.d.server/samba
@@ -0,0 +1,2 @@
+smbd\[.*\]: read_socket_data: recv failure for 4\. Error = Connection reset by peer
+smbd\[.*\]: \[.*\] lib/util_sock.c:read_socket_data\([[:digit:]]+\)
diff --git a/logcheck/ignore.d.server/squid b/logcheck/ignore.d.server/squid
new file mode 100644
index 0000000..1a08492
--- /dev/null
+++ b/logcheck/ignore.d.server/squid
@@ -0,0 +1,7 @@
+squid\[.*\]: Finished. Wrote [[:digit:]]+ entries\.
+squid\[.*\]: Took [\.[:digit:]]+ seconds \(.* entries/sec\)\.
+squid\[.*\]: (access|store)LogRotate: Rotating(\.)?
+squid\[.*\]: logfileRotate: /var/log/squid/(access|store).log
+squid\[.*\]: (Closing Pinger socket|Pinger socket opened) on FD [[:digit:]]+
+squid\[.*\]: NETDB state saved;
+squid\[.*\]: storeDirWriteCleanLogs: Starting\.\.\.
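Review bot: The escaping of literal dots is inconsistent within this new file: `Finished. Wrote` and `(access|store).log` leave the `.` as a wildcard while `entries\.`, `seconds \(`, and `Starting\.\.\.` escape it. The two loose ones should read `squid\[.*\]: Finished\. Wrote [[:digit:]]+ entries\.` and `squid\[.*\]: logfileRotate: /var/log/squid/(access|store)\.log` so the rules only match the exact squid messages they are meant to silence.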
diff --git a/logcheck/ignore.d.server/ssh b/logcheck/ignore.d.server/ssh
index c8e7095..e7cada2 100644
--- a/logcheck/ignore.d.server/ssh
+++ b/logcheck/ignore.d.server/ssh
@@ -1,6 +1,7 @@
-sshd.*: syslogin_perform_logout: logout\(\) returned an error
-sshd.*: Could not reverse map address .*\.
-sshd.*: Connection closed by .*
-sshd.*: Did not receive ident(ification)? string from [\.[:digit:]]+
-sshd.*: scanned from [\.[:digit:]]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\.
+sshd\[.*\]: syslogin_perform_logout: logout\(\) returned an error
+sshd\[.*\]: Could not reverse map address .*\.
+sshd\[.*\]: Connection closed by .*
+sshd\[.*\]: Did not receive ident(ification)? string from [\.[:digit:]]+
+sshd\[.*\]: scanned from [\.[:digit:]]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\.
+sshd\[.*\]: Disconnecting: Your ssh version is too old and is no longer supported\. Please install a newer version\.
sshd\[.*\]: Failed keyboard-interactive for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
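Review bot: Keeping `sshd\[.*\]: scanned from [\.[:digit:]]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\.` (and the `Did not receive ident(ification)? string` rule above it) in an ignore.d.server file drops the only log evidence of version-scanning against the host from the report; if these are noisy, placing them where they are still summarised or counted would be preferable to silent suppression. The newly added `Disconnecting: Your ssh version is too old and is no longer supported` rule has the same character, since a peer announcing an obsolete protocol version may well be a scanner rather than a legitimate client. The tightening of the prefix from `sshd.*:` to `sshd\[.*\]:` is the right direction and does not need further change.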
diff --git a/logcheck/ignore.d.server/ssmtp b/logcheck/ignore.d.server/ssmtp
index 64527aa..36b5b7c 100644
--- a/logcheck/ignore.d.server/ssmtp
+++ b/logcheck/ignore.d.server/ssmtp
@@ -1 +1 @@
-sSMTP mail\[.*\]: .* sent mail for [[:alnum:]]+
+sSMTP mail\[.*\]: .* sent mail for root
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 3863dc2..bb8ba91 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -1,7 +1,7 @@
IMP\[.*\]: FAILED .* to .*:143 as .*
PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
-afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- Invalid argument
+afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
afpd\[.*\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
atalkd\[.*\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
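Review bot: Widening the afpd rule to `PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)` means netatalk login failures with either errno text are now dropped from the report here and, through the identical change in violations.ignore.d/temp, from the violations section as well, so a genuine failed login that takes this PAM path leaves no trace. If `Bad file descriptor` is a known benign uams_dhx_pam glitch rather than a real authentication failure, that rationale belongs in the commit message, since these rulefiles give no place to record it.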
@@ -25,8 +25,10 @@ portsentry\[.*\]: attackalert: .*
proftpd\[.*\]: .* \(.*\) - USER anonymous@ftp.microsoft.com: no such user found from .*
proftpd\[.*\]: .* \(.*\) - no such user 'anonymous@ftp.microsoft.com'
pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
-smbd[14793]: read_socket_data: recv failure for 4. Error = No route to host
+smbd\[.*\]: read_socket_data: recv failure for 4. Error = No route to host
smbd\[.*\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
+smbd\[.*\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
+smbd\[.*\]: \[.*\] smbd/connection.c:yield_connection\([[:digit:]]+\)
smbd\[.*\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\)
sshd\[.*]: Failed password for .*
sshd\[.*\]: packet_set_maxsize: setting to 4096
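Review bot: `smbd\[.*\]: read_socket_data: recv failure for 4. Error = No route to host` now has the same shape as the `Connection reset by peer` rule this commit moves into ignore.d.server/samba, but leaves the `.` after `4` unescaped where samba escapes it; folding both into samba as `smbd\[.*\]: read_socket_data: recv failure for 4\. Error = (Connection reset by peer|No route to host)` keeps the smbd rules in one place (the same line is also changed in violations.ignore.d/temp). While this file is being edited, the unchanged context line `sshd\[.*]: Failed password for .*` deserves a second look: it sits in ignore.d.server, so every failed SSH password attempt is suppressed from the report, which is the kind of event logcheck exists to surface.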
diff --git a/logcheck/ignore.d.server/uw-imap b/logcheck/ignore.d.server/uw-imap
new file mode 100644
index 0000000..09ca720
--- /dev/null
+++ b/logcheck/ignore.d.server/uw-imap
@@ -0,0 +1,12 @@
+imapd\[.*\]: (port 143|imap|imaps SSL) service init from
+imapd\[.*\]: No route to host, while reading line user=.* host=.*\[.*\]
+i(map|pop3)d\[.*\]: Killed \(lost mailbox lock\) user=.* host=.*\[.*\]
+i(map|pop3)d\[.*\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(.*\[.*\]|UNKNOWN)
+i(map|pop3)d\[.*\]: Moved [[:digit:]]+ bytes of new mail to .* from .* host=.*\[.*\]
+i(map|pop(2|3))d\[.*\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) user=.* host=(.*\[.*\]|UNKNOWN)
+ipop[2|3]d\[.*\]: (connect|pop3(s SSL)? service init) from [\.[:digit:]]+
+ipop3d\[.*\]: Trying to get mailbox lock from process [[:digit:]]+
+ipop3d\[.*\]: Error opening or locking INBOX user=.* host=.*\[.*\]
+ipop3d\[.*\]: Expunge ignored on readonly mailbox
+ipop3d\[.*\]: Mailbox is open by another process, access is readonly
+ipop3d\[.*\]: Moved .* bytes of new mail to .* from .* host=.*\[.*\]
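Review bot: `ipop[2|3]d\[.*\]: (connect|pop3(s SSL)? service init) from [\.[:digit:]]+` uses a bracket expression where an alternation is meant: `[2|3]` matches a single `2`, `|` or `3`, which happens to work for `ipop2d`/`ipop3d` but also matches `ipop|d`; the line two above already writes this correctly as `pop(2|3)`, so change it to `ipop(2|3)d\[.*\]: (connect|pop3(s SSL)? service init) from [\.[:digit:]]+`. Separately, the move loosens every `host=.*\[[\.[:digit:]]+\]` to `host=.*\[.*\]` and `user=[\?[:alnum:]]+` to `user=.*`; because the rules are unanchored and already contain `.*`, `user=.* host=.*\[.*\]` now matches nearly any line carrying those three tokens in order. If the aim is to accept hostnames or non-IPv4 addresses, `\[[^]]+\]` keeps the bracketed host bounded without the wildcard.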
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index eedd102..44ff554 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -1,2 +1 @@
kernel: Packet log: input DENY eth[[:digit:]]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[[:digit:]]+ F=0x0000 T=[[:digit:]]+ \(#[[:digit:]]+\)
-proftpd\[.*\]: .* \(.*\) - USER anonymous \(Login failed\): Can't find user\.
diff --git a/logcheck/violations.ignore.d/proftpd b/logcheck/violations.ignore.d/proftpd
new file mode 100644
index 0000000..295767a
--- /dev/null
+++ b/logcheck/violations.ignore.d/proftpd
@@ -0,0 +1 @@
+proftpd\[.*\]: .* \(.*\) - USER anonymous \(Login failed\): Can't find user\.
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 3e2259f..a3f62f6 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -1,5 +1,5 @@
afpd\[.*\]: error removing /.+/net[\.[:digit:]]+node[[:digit:]]+: Permission denied
-afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- Invalid argument
+afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
afpd\[.*\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
IMP\[.*\]: FAILED .* to .*:143 as .*
i(map|pop3)d\[.*\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
@@ -8,7 +8,8 @@ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I
PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
portsentry\[.*\]: attackalert: .*
smbd\[.*\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
-smbd[14793]: read_socket_data: recv failure for 4. Error = No route to host
+smbd\[.*\]: read_socket_data: recv failure for 4. Error = No route to host
+smbd\[.*\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
sshd\[.*]: Failed password for .*
pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
postfix/smtpd\[.*\]: reject: .*: 550 <.*>: User unknown; .*