diff options
Diffstat (limited to 'logcheck/ignore.d.server')
| -rw-r--r-- | logcheck/ignore.d.server/amavis | 4 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/dhcp | 1 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/dhcp.changes | 8 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/dhcp3-common | 10 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/proftpd | 11 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/tmp | 3 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/uw-imap.changes | 14 |
7 files changed, 32 insertions, 19 deletions
diff --git a/logcheck/ignore.d.server/amavis b/logcheck/ignore.d.server/amavis index cd2ce17..2d38569 100644 --- a/logcheck/ignore.d.server/amavis +++ b/logcheck/ignore.d.server/amavis @@ -1,6 +1,6 @@ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+ -amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[0-9-]+(\.gz)? +amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)? amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT) amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+ amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+> -amavis\[[0-9]+\]: warning - MIME::Parser error: unexpected end of header +amavis\[[0-9]+\]: warning - MIME::Parser error: .* diff --git a/logcheck/ignore.d.server/dhcp b/logcheck/ignore.d.server/dhcp deleted file mode 100644 index 54192b1..0000000 --- a/logcheck/ignore.d.server/dhcp +++ /dev/null @@ -1 +0,0 @@ -dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer diff --git a/logcheck/ignore.d.server/dhcp.changes b/logcheck/ignore.d.server/dhcp.changes new file mode 100644 index 0000000..3485782 --- /dev/null +++ b/logcheck/ignore.d.server/dhcp.changes @@ -0,0 +1,8 @@ +# NB: dhcp3 entries are in dhcp3-common +dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer +dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-e]+ via eth[0-9]+ \(found\) +dhcpd-2.2.x: DHCPREQUEST for .* from .* via +dhcpd-2.2.x: DHCPACK on .* to .* via +dhcpd-2.2.x: DHCPDISCOVER from .* via +dhcpd-2.2.x: DHCPOFFER on .* to .* via +dhcpd-2.2.x: BOOTREQUEST from [:0-9a-f]+ diff --git a/logcheck/ignore.d.server/dhcp3-common b/logcheck/ignore.d.server/dhcp3-common index a272a72..c583aaf 100644 --- a/logcheck/ignore.d.server/dhcp3-common +++ b/logcheck/ignore.d.server/dhcp3-common @@ -1,6 +1,14 @@ +dhcpd: Abandoning IP address [\.0-9]+: pinged before offer +dhcpd: BOOTREQUEST from +dhcpd: DHCPACK on [\.0-9]+ to [:0-9a-f]+ via dhcpd: DHCPACK to [\.0-9]+ +dhcpd: DHCPDISCOVER from [:0-9a-f]+ via +dhcpd: DHCPINFORM from +dhcpd: DHCPNAK on +dhcpd: DHCPOFFER on [\.0-9]+ to [:0-9a-f]+ via +dhcpd: DHCPRELEASE of [\.0-9]+ +dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+ via dhcpd: ICMP Echo reply while lease [\.0-9]+ valid. dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. dhcpd: accepting packet with data after udp payload. dhcpd: ip length 576 disagrees with bytes received 590. -dhcpd: Abandoning IP address [\.0-9]+: pinged before offer diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd index 0b9bd66..678c6e4 100644 --- a/logcheck/ignore.d.server/proftpd +++ b/logcheck/ignore.d.server/proftpd @@ -1,7 +1,8 @@ -proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - FTP session opened\. -proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\. -proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+ -proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?' +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP session opened\. +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\. +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?' proftpd\[[0-9]+\]: connect from [\.0-9]+ proftpd\[[0-9]+\]: No certificate files found! -proftpd\[[0-9]+\]:.* (.*\[.*\]) - Refused PORT.* (address mismatch)\. +proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp index 39883bd..c72783a 100644 --- a/logcheck/ignore.d.server/tmp +++ b/logcheck/ignore.d.server/tmp @@ -44,9 +44,6 @@ smbd\[[0-9]+\]: \[.*\] smbd/connection.c:yield_connection\([0-9]+\) smbd\[[0-9]+\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([0-9]+\) sshd\[[0-9]+\]: Failed password for .* sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 -## dhcp -dhcpd-2.2.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71) -dhcpd-2.2.x: No applicable record for BOOTP host (00:20:6b:18:20:35|08:00:86:11:2b:71) ## postfix postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com> postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt> diff --git a/logcheck/ignore.d.server/uw-imap.changes b/logcheck/ignore.d.server/uw-imap.changes index 42a56ef..39d603b 100644 --- a/logcheck/ignore.d.server/uw-imap.changes +++ b/logcheck/ignore.d.server/uw-imap.changes @@ -1,12 +1,12 @@ imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from -imapd\[[0-9]+\]: No route to host, while reading line user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN) -i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN) -i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN) -i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to .* from .* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN) -i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN) +imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) +i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) +i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) +i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to .* from .* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) +i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+ ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+ -ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN) +ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) ipop3d\[[0-9]+\]: Expunge ignored on readonly mailbox ipop3d\[[0-9]+\]: Mailbox is open by another process, access is readonly -ipop3d\[[0-9]+\]: Moved .* bytes of new mail to .* from .* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN) +ipop3d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) |