Diffstat (limited to 'logcheck')
-rw-r--r-- | logcheck/ignore.d.server/local | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.server/tmp | 2 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/local | 2 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/local | 2 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/temp | 2 |
5 files changed, 5 insertions, 5 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 3a6a75b..999e3f2 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -340,7 +340,7 @@ portsentry\[[0-9]+\]: attackalert: .*
 ## pump
 pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 ## samba
-smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \(2de1\) - ignoring. $
+smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \([0-9a-f]{4}\) - ignoring. $
 smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
 smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
 smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 9f25fca..a06f2c4 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -43,7 +43,7 @@ portsentry\[[0-9]+\]: attackalert: .*
 ## pump
 pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 ## samba
-smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \(2de1\) - ignoring. $
+smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \([0-9a-f]{4}\) - ignoring. $
 smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
 smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
 smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 48abfc3..b8ac9af 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
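Review bot: The widened smbd rule on the `+` line still ends in `ignoring. $` with an unescaped dot and has no leading anchor, so it can match that text anywhere in a log line rather than only smbd's own message. Since `\([0-9a-f]{4}\)` now accepts any four-hex-digit command code, the rest of the pattern is worth tightening while it is being touched: escape the dot as `ignoring\. $` (the neighbouring yield_connection rule already writes `exist\. $`) and add a `##` comment above the rule recording which codes were actually seen. The same line is repeated in ignore.d.server/tmp and ignore.d.workstation/local, so the three copies should be changed together.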
@@ -340,7 +340,7 @@ portsentry\[[0-9]+\]: attackalert: .*
 ## pump
 pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 ## samba
-smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \(2de1\) - ignoring. $
+smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \([0-9a-f]{4}\) - ignoring. $
 smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
 smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
 smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 1051ac4..4e7eb42 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -86,7 +86,7 @@ afpd\[[0-9]+\]: error removing /.+/net[\.0-9]+node[0-9]+: Permission denied
 afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
 IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
 i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
-imap\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=[[:alnum:]]+$
+imap\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]* user=[[:alnum:]]+$
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
 PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 18c331f..d77bfe0 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
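Review bot: With `rhost=[^[:space:]]*` the imap(pam_unix) rule in violations.ignore.d/local now drops `authentication failure` lines from every remote host, where the old pattern matched only an empty `rhost=`. That takes failed IMAP logins out of logcheck's report altogether, including repeated failures from a single address, so nothing in this ruleset would surface them any more. If the aim is to silence a known local client, keep the host explicit, e.g. `rhost=(localhost|127\.0\.0\.1)?` (constructed example; substitute the real front-end host), or keep `rhost=` empty-only as before and confirm that another control alerts on IMAP login failures. The identical line is changed in violations.ignore.d/temp.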
@@ -7,7 +7,7 @@ afpd\[[0-9]+\]: error removing /.+/net[\.0-9]+node[0-9]+: Permission denied
 afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
 IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
 i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
-imap\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=[[:alnum:]]+$
+imap\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]* user=[[:alnum:]]+$
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
 PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
|