Diffstat (limited to 'logcheck/ignore.d.server/tmp')
-rw-r--r-- | logcheck/ignore.d.server/tmp | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 9dd06e3..33cddeb 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -5,13 +5,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: check pass; user unknown$
 # old-style pam entries (no longer provided by logcheck but needed on woody)
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_.*: .* session (opened|closed) for user .*
-## netatalk
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: bad function 7A
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
 ## hylafax-server
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-name-server\[[0-9]+\]: server_is_alive: .*
@@ -56,36 +49,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: prs_mem_get: reading data of size 4 would overrun buffer. $
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_(pipe.c:api_rpcTNP|srvsvc.c:api_srv_net_share_add))\([0-9]+\) $
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:(find_service|make_connection))\([0-9]+\) $
-## ssh
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
-## postfix
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
-## Tulle getting spammed
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tulle postfix/smtpd\[[0-9]+\]: too many errors after RCPT from unknown\[\.0-9]+[\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc.mountd: authenticated mount request from .* for .*
-## snort
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: .*FrontPage
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS015 - RPC - portmap-request-status:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS029 - SCAN-Possible Queso Fingerprint attempt:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS115 - MISC-Traceroute-UDP:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS212 - MISC - DNS Zone Transfer:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS226 - CVE-1999-0172 - CGI-formmail:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS246 - MISC - Large ICMP Packet:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IIS-
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: MISC-Attempted Sun RPC high port access:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NETBIOS-SMB-C:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NETBIOS-SMB-CD...:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NMAP TCP ping!:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: RPC Info Query:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: SCAN-SYN FIN:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: End of portscan
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: PORTSCAN DETECTED
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: portscan status from
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: WEB-../..:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: WEB-CGI-upload.pl:
 ## postgres
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] LOG: connection received: host=\[local\]$ |