From 32db2497d28349632a820cafc9567da33f64ca1d Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Sun, 13 Apr 2003 08:44:57 +0000 Subject: Add a few additional proftpd and postfix ignore lines. --- logcheck/ignore.d.server/local | 3 ++- logcheck/ignore.d.server/postfix | 1 + logcheck/ignore.d.server/proftpd | 2 +- logcheck/ignore.d.workstation/local | 3 ++- logcheck/violations.ignore.d/local | 4 ++-- logcheck/violations.ignore.d/postfix | 4 ++-- 6 files changed, 10 insertions(+), 7 deletions(-) diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index ea373b9..cbaa444 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -216,6 +216,7 @@ pop-before-smtp\[[0-9]+\]: (opening|closing) relay for [\.0-9]+( --- not in myne ### ignore.d.server/postfix postfix/[[:alnum:]]+\[[0-9]+\]: table has changed -- exiting$ postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name$ +postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=[^[:space:]]+$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ @@ -264,7 +265,7 @@ chat\[[0-9]+\]: CONNECT$ chat\[[0-9]+\]: OK$ chat\[[0-9]+\]: send \(\\d\)$ ### ignore.d.server/proftpd -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session (closed|opened)\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21 $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $ diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index a707e22..6fdddf3 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix @@ -1,5 +1,6 @@ postfix/[[:alnum:]]+\[[0-9]+\]: table has changed -- exiting$ postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name$ +postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=[^[:space:]]+$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd index 500221c..4a900ad 100644 --- a/logcheck/ignore.d.server/proftpd +++ b/logcheck/ignore.d.server/proftpd @@ -1,4 +1,4 @@ -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session (closed|opened)\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21 $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $ diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local index 8a7635d..0b6cd42 100644 --- a/logcheck/ignore.d.workstation/local +++ b/logcheck/ignore.d.workstation/local @@ -216,6 +216,7 @@ pop-before-smtp\[[0-9]+\]: (opening|closing) relay for [\.0-9]+( --- not in myne ### ignore.d.server/postfix postfix/[[:alnum:]]+\[[0-9]+\]: table has changed -- exiting$ postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name$ +postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=[^[:space:]]+$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ @@ -264,7 +265,7 @@ chat\[[0-9]+\]: CONNECT$ chat\[[0-9]+\]: OK$ chat\[[0-9]+\]: send \(\\d\)$ ### ignore.d.server/proftpd -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session (closed|opened)\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21 $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $ diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 3e2d74b..bad323f 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -56,9 +56,9 @@ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insu postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in RCPT command: .* postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^>]+>$ # These are only for postfix >= 2.0: -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP helo=<[^>]+>$ ### violations.ignore.d/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ ### violations.ignore.d/samba diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index 96fab64..6a48dbd 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -11,6 +11,6 @@ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insu postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in RCPT command: .* postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^>]+>$ # These are only for postfix >= 2.0: -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP helo=<[^>]+>$ -- cgit v1.2.3