Diffstat (limited to 'logcheck/violations.ignore.d/local')
-rw-r--r-- | logcheck/violations.ignore.d/local | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index d354356..ad20e7b 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -1,5 +1,9 @@
 ### violations.ignore.d/amavis
-amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
+amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>
+amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+
+amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?
+amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
+amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
 ### violations.ignore.d/bind
 named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
 named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
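Review bot: The five added amavis rules are unanchored, so egrep accepts them anywhere in a log line, and the address fields they match (`<[^[:space:]]*>`, `from=<[^[:space:]]+>`) are chosen by the remote sender. A match in violations.ignore.d takes the line out of the security-events section of the report, so each rule should be tied to the syslog prefix and the end of line, e.g. `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>$`. The same applies to the added postfix and postgres rules in the two later hunks. The existing rules in this file are written the same unanchored way, so this may be better handled as a file-wide cleanup than in this commit alone.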
@@ -29,16 +33,18 @@ netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
 pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request
 ### violations.ignore.d/postfix
 postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)
-postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+@Debug>
+postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+>
 postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
+postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)
 postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\)
 postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+)\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 554 <[^[:space:]]+>:( Recipient address rejected:)? Relay access denied\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+|Recipient address rejected: This user does not have an account here \(MTA:imta15\))\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 552 header content rejected: see .*\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 554 <[^[:space:]]+>:( Recipient address rejected:)? Relay access denied\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 571 <>... denied\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 451 Transaction failed.\)
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 550 <[^[:space:]]+>: User unknown; from=<[^[:space:]]+> to=<[^[:space:]]+>
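Review bot: Two of the rewritten bounce rules still contain unescaped dots that act as wildcards: `451 Transaction failed.\)` and `571 <>... denied\)`. If the literal replies are meant, write `451 Transaction failed\.\)` and `571 <>\.\.\. denied\)`. The new 550 alternative ending in `\(MTA:imta15\)` ties the rule to one remote server's wording, so a `#` comment naming the peer that sends it would help whoever prunes this list later. The `said: 550 .* (` part also still accepts arbitrary text from the remote server before the alternatives, even though `host .*` was tightened to `host [^[:space:]]+\[[\.0-9]+\]`.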
@@ -74,3 +80,4 @@ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
 postfix/smtpd\[[0-9]+\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
 postfix.*\[[0-9]+\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
 snort: spp_http_decode: IIS Unicode attack detected:
+postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .* |
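Review bot: The added rule `postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*` takes every PostgreSQL DEBUG line out of the security section regardless of what follows the tag, and that text may include statement content supplied by clients. If these lines come from a raised debug level, lowering it on the database server is the safer fix. Otherwise the rule should be narrowed to the specific messages observed. The trailing `.*` does nothing in an unanchored egrep match and can be dropped.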