Diffstat (limited to 'logcheck')
-rw-r--r-- | logcheck/ignore.d.server/local | 15 | ||||
-rw-r--r-- | logcheck/ignore.d.server/postfix | 10 | ||||
-rw-r--r-- | logcheck/ignore.d.server/proftpd | 4 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/dhcp-client | 7 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/gdm | 1 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/hotplug | 3 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/local | 10 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/ntpdate | 3 | ||||
-rw-r--r-- | logcheck/ignore.d.workstation/pmud | 4 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/dhcp-client | 2 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/local | 10 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/pmud | 1 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/postfix | 7 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/samba | 1 |
14 files changed, 52 insertions, 26 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 7c2dae7..40a3c41 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -1,4 +1,3 @@
-named\[.*\]: .*: query\(.*\) NS points to CNAME \(.*\)
 dhcpd.*: Abandoning IP address .*: pinged before offer
 dhcpd.*: DHCPINFORM from [[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+( via eth.)?
 dhcpd.*: DHCPNACK on [\.[:digit:]]+ to [[:alnum:]]+( via eth.)?
@@ -21,7 +20,6 @@ FaxGetty\[.*\]: ANSWER: Ring detected without successful handshake
 FaxGetty\[.*\]: ANSWER: FAX CONNECTION
 FaxQueuer\[.*\]: SUBMIT JOB [[:digit:]]+
 FaxSend\[.*\]: SEND FAX: JOB [[:digit:]]+ DEST [[:digit:]]+ COMMID [[:digit:]]+
-gdm\[.*\]: run_pictures: Directory .* does not exist\.
 gnu-imap4d\[.*\]: Incoming connection opened
 gnu-imap4d\[.*\]: connect from [\.[:digit:]]+
 gnu-imap4d\[.*\]: User '[[:alnum:]]+' logged in
@@ -45,6 +43,7 @@ ircd\[.*\]: Server Ready
 (ircd\[.*\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
 IMP\[.*\]: Login .* to .*:143 as .*
 kernel: Packet log: input DENY eth[[:digit:]]+ PROTO=17 .*:(137|138) .*:(137|138) L=[[:digit:]]+ S=0x00 I=[[:digit:]]+ F=0x0000 T=[[:digit:]]+ \(#[[:digit:]]+\)
+named\[.*\]: .*: query\(.*\) NS points to CNAME \(.*\)
 named\[.*\]: NSTATS [[:digit:]]+ [[:digit:]]+
 named\[.*\]: .* All possible .* lame
 ntpd\[.*\]: kern_enable is 1
@@ -53,18 +52,6 @@ ntpd\[.*\]: ntpd 4\.[01]\..* \([12]\)
 ntpd\[.*\]: precision = [[:digit:]]+ usec
 ntpd\[.*\]: signal_no_reset: signal 13 had flags [[:digit:]]+
 ntpd\[.*\]: using kernel phase-lock loop [[:digit:]]+
-postfix.* table has changed -- exiting
-postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
-postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred \(connect to .*\[.*\]: (Connection refused|server refused mail service)\)
-postfix/smtp\[.*\]: connect to .*\[.*\]: (Connection (refused|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
-postfix/smtp\[.*\]: warning: numeric domain name in resource data of MX record for .*: [\.[:digit:]]+
-postfix/smtp\[.*\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record
-postfix/smtp\[.*\]: warning: host [\.[:alnum:]-]+\[[\.[:digit:]]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+
-postfix/smtpd\[.*\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.[:digit:]]+\]
-postfix/smtpd\[.*\]: warning: .*: address not listed for hostname .*
-postfix/smtpd\[.*\]: warning: .*: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)
-proftpd\[.*\]: .* \(.*\) - FTP session opened\.
-proftpd\[.*\]: .* \(.*\) - USER (anonymous|ftp) \(Login failed\): Can't find user\.
 pop-before-smtp\[.*\]: (opening|closing) relay for [\.[:digit:]]+( --- not in mynetworks)?
 smbd\[.*\]: read_socket_data: recv failure for 4\. Error = Connection reset by peer
 smbd\[.*\]: \[.*\] lib/util_sock.c:read_socket_data\([[:digit:]]+\)
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
new file mode 100644
index 0000000..d960c37
--- /dev/null
+++ b/logcheck/ignore.d.server/postfix
@@ -0,0 +1,10 @@
+postfix.* table has changed -- exiting
+postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
+postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred \(connect to .*\[.*\]: (Connection refused|server refused mail service)\)
+postfix/smtp\[.*\]: connect to .*\[.*\]: (Connection (refused|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
+postfix/smtp\[.*\]: warning: numeric domain name in resource data of MX record for .*: [\.[:digit:]]+
+postfix/smtp\[.*\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record
+postfix/smtp\[.*\]: warning: host [\.[:alnum:]-]+\[[\.[:digit:]]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+
+postfix/smtpd\[.*\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.[:digit:]]+\]
+postfix/smtpd\[.*\]: warning: .*: address not listed for hostname .*
+postfix/smtpd\[.*\]: warning: .*: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)
diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd
new file mode 100644
index 0000000..10e8f74
--- /dev/null
+++ b/logcheck/ignore.d.server/proftpd
@@ -0,0 +1,4 @@
+proftpd\[.*\]: .* \(.*\) - FTP session opened\.
+proftpd\[.*\]: .* \(.*\) - USER (anonymous|ftp) \(Login failed\): Can't find user\.
+proftpd\[.*\]: connect from [\.[:digit:]]+
+proftpd\[.*\]: No certificate files found!
diff --git a/logcheck/ignore.d.workstation/dhcp-client b/logcheck/ignore.d.workstation/dhcp-client
index de6f432..f3b66df 100644
--- a/logcheck/ignore.d.workstation/dhcp-client
+++ b/logcheck/ignore.d.workstation/dhcp-client
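Review bot: None of the rules in the new ignore.d.server/postfix file is anchored to the start of the log line, so `postfix.* table has changed -- exiting` matches any line that merely contains that text, whichever program wrote it. Since logcheck drops every line an ignore rule matches, text that a remote party can get logged through another daemon could end up suppressed by these rules. I would anchor each rule on the syslog prefix, e.g. `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.* table has changed -- exiting`. The same applies to the other rule files this commit adds (proftpd, gdm, hotplug, ntpdate, pmud, samba and the violations.ignore.d ones).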
@@ -1,5 +1,8 @@
 dhclient-2.2.x: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [[:digit:]]+)?
-dhclient-2.2.x: No working leases in persistent database - sleeping\.
+dhclient-2.2.x: No working leases in persistent database( - sleeping)?\.
+dhclient-2.2.x: Sleeping\.
 dhclient-2.2.x: No DHCPOFFERS received\.
-dhclient-2.2.x: (DHCPACK|DHCPOFFER) from [\.[:digit:]]+
+dhclient-2.2.x: DHCP(ACK|OFFER) from [\.[:digit:]]+
 dhclient-2.2.x: bound to .* -- renewal in [[:digit:]]+ seconds\.
+dhclient-2.2.x: irda0: unknown hardware address type 783
+dhclient-2.2.x: receive_packet failed on eth0: Network is down
diff --git a/logcheck/ignore.d.workstation/gdm b/logcheck/ignore.d.workstation/gdm
new file mode 100644
index 0000000..fb094b8
--- /dev/null
+++ b/logcheck/ignore.d.workstation/gdm
@@ -0,0 +1 @@
+gdm\[.*\]: run_pictures: Directory .* does not exist\.
diff --git a/logcheck/ignore.d.workstation/hotplug b/logcheck/ignore.d.workstation/hotplug
new file mode 100644
index 0000000..beb4eeb
--- /dev/null
+++ b/logcheck/ignore.d.workstation/hotplug
@@ -0,0 +1,3 @@
+/etc/hotplug/net.agent: invoke ifup .*
+/etc/hotplug/net.agent: invoke if(up|down) .*
+/etc/hotplug/net.agent: assuming .* is already up
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
new file mode 100644
index 0000000..192422e
--- /dev/null
+++ b/logcheck/ignore.d.workstation/local
@@ -0,0 +1,10 @@
+gnome-name-server\[.*\]: starting
+gnome-name-server\[.*\]: name server starting
+gnome-name-server\[.*\]: server_is_alive: .*
+gconfd \(.*\): starting \(version [\.[:digit:]]+\), pid [[:digit:]]+ user '.*'
+gconfd \(.*\): GConf server is not in use, shutting down\.
+gconfd \(.*\): Exiting
+named\[.*\]: .*: query\(.*\) NS points to CNAME \(.*\)
+named\[.*\]: NSTATS [[:digit:]]+ [[:digit:]]+
+named\[.*\]: .* All possible .* lame
+named[183]: ns_forw: sendto.*: Network is unreachable
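Review bot: The two rules added at the end of the ignore.d.workstation/dhcp-client hunk hard-code one machine's values, `irda0: unknown hardware address type 783` and `receive_packet failed on eth0`, while the matching rule this commit adds to violations.ignore.d/dhcp-client uses `eth[[:digit:]]`. If a line has to match in both directories to be dropped (worth confirming for the logcheck version in use), a host whose interface is eth1 would still get it reported. I would write `dhclient-2.2.x: receive_packet failed on eth[[:digit:]]+: Network is down`. The dots in `dhclient-2.2.x` are also unescaped throughout the file and match any character; `dhclient-2\.2\.x` says what is meant.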
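Review bot: The first rule in the new hotplug file, `/etc/hotplug/net.agent: invoke ifup .*`, is fully covered by the second, `/etc/hotplug/net.agent: invoke if(up|down) .*`, so it can be dropped. The dot in `net.agent` is unescaped in all three rules and matches any character; `/etc/hotplug/net\.agent:` would match only the intended path.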
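Review bot: The last rule of the new ignore.d.workstation/local file, `named[183]: ns_forw: sendto.*: Network is unreachable`, leaves the brackets unescaped, so `[183]` is a bracket expression for a single character 1, 8 or 3. The rule therefore matches `named1:` and never a real `named[183]:` line, and the message it was meant to silence will still be reported. It also appears to pin one PID, presumably pasted from a log line. The three named rules above it already use the right form; I would write `named\[.*\]: ns_forw: sendto.*: Network is unreachable`.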
diff --git a/logcheck/ignore.d.workstation/ntpdate b/logcheck/ignore.d.workstation/ntpdate
new file mode 100644
index 0000000..76073e0
--- /dev/null
+++ b/logcheck/ignore.d.workstation/ntpdate
@@ -0,0 +1,3 @@
+ntpdate\[.*\]: can't find host
+ntpdate\[.*\]: no servers can be used, exiting
+ntpdate\[.*\]: step time server [\.[:digit:]]+ offset [\.[:digit:]]+ sec
diff --git a/logcheck/ignore.d.workstation/pmud b/logcheck/ignore.d.workstation/pmud
new file mode 100644
index 0000000..b1f4da6
--- /dev/null
+++ b/logcheck/ignore.d.workstation/pmud
@@ -0,0 +1,4 @@
+pmud\[.*\]: running /etc/power/pwrctl (maximum|minimum|sleep|wakeup) (ac|battery)
+pmud\[.*\]: lid closed: request sleep
+pmud\[.*\]: going to sleep
+pmud\[.*\]: system awake again
diff --git a/logcheck/violations.ignore.d/dhcp-client b/logcheck/violations.ignore.d/dhcp-client
new file mode 100644
index 0000000..93161b4
--- /dev/null
+++ b/logcheck/violations.ignore.d/dhcp-client
@@ -0,0 +1,2 @@
+dhcpd-2.2.x: (send_packet|fallback_discard): Connection refused
+dhclient-2.2.x: receive_packet failed on eth[[:digit:]]: Network is down
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index bd33dea..eedd102 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -1,12 +1,2 @@
-dhcpd-2.2.x: send_packet: Connection refused
-dhcpd-2.2.x: fallback_discard: Connection refused
 kernel: Packet log: input DENY eth[[:digit:]]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[[:digit:]]+ F=0x0000 T=[[:digit:]]+ \(#[[:digit:]]+\)
-postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
-postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred \(connect to .*\[.*\]: (Connection refused|server refused mail service)\)
-postfix/smtp\[.*\]: .*: to=<.*>, relay=.*\[.*\], delay=[[:digit:]]+, status=deferred \(host .*\[.*\] said: 450 <.*>: Sender address rejected: Domain not found\)
-postfix/smtp\[.*\]: connect to .*\[.*\]: (Connection refused|server refused mail service) \(port 25\)
-postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 Service unavailable; .* blocked using .*; from=<.*> to=<.*>
-postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 <.*>: Recipient address rejected: Relay access denied; from=<.*> to=<.*>
-postfix/smtpd\[.*\]: warning: .*: hostname .* verification failed: Host (name has no address|not found)
 proftpd\[.*\]: .* \(.*\) - USER anonymous \(Login failed\): Can't find user\.
-smbd\[.*\]: read_socket_data: recv failure for 4\. Error = Connection reset by peer
diff --git a/logcheck/violations.ignore.d/pmud b/logcheck/violations.ignore.d/pmud
new file mode 100644
index 0000000..25d29c3
--- /dev/null
+++ b/logcheck/violations.ignore.d/pmud
@@ -0,0 +1 @@
+pmud\[.*\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
new file mode 100644
index 0000000..49341a0
--- /dev/null
+++ b/logcheck/violations.ignore.d/postfix
@@ -0,0 +1,7 @@
+postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
+postfix/smtp\[.*\]: .*: to=<.*>, relay=none, delay=[[:digit:]]+, status=deferred \(connect to .*\[.*\]: (Connection refused|server refused mail service)\)
+postfix/smtp\[.*\]: .*: to=<.*>, relay=.*\[.*\], delay=[[:digit:]]+, status=deferred \(host .*\[.*\] said: 450 <.*>: Sender address rejected: Domain not found\)
+postfix/smtp\[.*\]: connect to .*\[.*\]: (Connection refused|server refused mail service) \(port 25\)
+postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 Service unavailable; .* blocked using .*; from=<.*> to=<.*>
+postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 <.*>: Recipient address rejected: Relay access denied; from=<.*> to=<.*>
+postfix/smtpd\[.*\]: warning: .*: hostname .* verification failed: Host (name has no address|not found)
diff --git a/logcheck/violations.ignore.d/samba b/logcheck/violations.ignore.d/samba
new file mode 100644
index 0000000..726eb47
--- /dev/null
+++ b/logcheck/violations.ignore.d/samba
@@ -0,0 +1 @@
+smbd\[.*\]: read_socket_data: recv failure for 4\. Error = Connection reset by peer |