From 8a08b26a42d421690b58676f1a9fd677dfbb7770 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Mon, 28 Oct 2002 03:04:06 +0000
Subject: logcheck: Misc. updates.
---
 logcheck/ignore.d.server/local | 47 ++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 20 deletions(-)
(limited to 'logcheck/ignore.d.server/local')
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 4556eed..095d6d2 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -6,7 +6,7 @@ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:spac
 amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?
 amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
 amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
-amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
+amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
 ### ignore.d.server/anacron
 anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
 anacron\[[0-9]+\]: Normal exit
@@ -26,6 +26,7 @@ named\[[0-9]+\]: transfer of '.*/IN' from .*: end of transfer
 named\[[0-9]+\]: zone .*/IN: sending notifies \(serial [0-9]+\)
 named\[[0-9]+\]: rcvd NOTIFY\(.*, IN, SOA\) from \[.*\]\.[0-9]+
 named\[[0-9]+\]: late CNAME in answer section for .*
+named\[[0-9]+\]: ns_forw: query\([\.0-9]+\.in-addr\.arpa\) Bogus LOOPBACK A RR \([^[:space:]]+:[\.0-9]+\) learnt \(A=[\.0-9]+:NS=[\.0-9]+\)
 ### ignore.d.server/bind.tmp
 named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
 named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
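Review bot: The added `named ... ns_forw: ... Bogus LOOPBACK A RR ... learnt` rule in the second hunk hides a message that is more than routine chatter, because it records a loopback address being handed back for a nameserver. That is usually a misconfigured remote zone, but it is also what bogus or tampered delegation data would look like, so suppressing it at server level removes that signal from every report. If the noise comes from a few known servers, I would restrict the `NS=` field to those addresses rather than `[\.0-9]+`. I would also close the rule with `$`, as in `learnt \(A=[\.0-9]+:NS=[\.0-9]+\)$`, so that nothing appended to the line is ignored with it. A comment above the rule saying which upstream produces it would help later audits of this file.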
@@ -57,6 +58,17 @@ dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)?
 dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+
 dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.
 dhclient(-2.2.x)?: irda0: unknown hardware address type 783
+### ignore.d.server/dhcp.changes
+# NB: dhcp3 entries are in dhcp3-common
+dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)
+dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+
+dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+
+dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
+dhcpd-2.2.x: DHCPINFORM from [\.0-9]+
+dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
 ### ignore.d.server/dhcp3-common
 dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
 dhcpd: BOOTREQUEST from [0-9a-f:]+
@@ -65,22 +77,11 @@ dhcpd: DHCPACK to [\.0-9]+
 dhcpd: DHCPDISCOVER from [0-9a-f:]+ via eth[0-9]+
 dhcpd: DHCPINFORM from [\.0-9]+
 dhcpd: DHCPRELEASE of [\.0-9]+
-dhcpd: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
+dhcpd: DHCPREQUEST for [\.0-9]+( \([\.0-9]+\))? from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
 dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
 dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
 dhcpd: accepting packet with data after udp payload.
 dhcpd: ip length 576 disagrees with bytes received 590.
-### ignore.d.server/dhcp.changes
-# NB: dhcp3 entries are in dhcp3-common
-dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)
-dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+
-dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
-dhcpd-2.2.x: DHCPINFORM from [\.0-9]+
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
 ### ignore.d.server/gdm
 gdm\[[0-9]+\]: run_pictures: .*/.gnome/gdm .*\.
 ### ignore.d.server/gdm.da_DK
@@ -199,10 +200,10 @@ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+
 postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local
-postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: \\[0-9]+
+postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record
-postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+
-postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): \\[0-9]+
+postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+
+postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): [^[:space:]]+
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command:
 postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+
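Review bot: The three widened `postfix/smtp` rules now end in `[^[:space:]]+` with no end anchor, so the last field accepts any token and the rule also matches whatever follows it on the line. Per the message text, that field is resource data taken from a remote MX record, so its content is chosen by whoever controls that DNS zone. I would end each of the three rules with `$`, for example `... of MX record for [^[:space:]]+: [^[:space:]]+$`, so that only a single trailing token is ignored. The old classes (`\\[0-9]+`, `[\.0-9]+`) were narrow enough that this mattered less. If the variants actually seen are known, a tighter class such as `[-._[:alnum:]\\]+$` would be safer than "anything but whitespace".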
@@ -292,6 +293,12 @@ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I
 kernel: lp[0-9]: compatibility mode
 kernel: Undo( partial)? (Hoe|loss|retrans)
 printer: offline or intervention needed
+## Non-UDMA hd cable
+kernel: hda: status timeout: status=0xd0 { Busy }
+kernel: hda: no DRQ after issuing WRITE
+kernel: ide0: reset: success
+## Postfix SASL not working
+postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory
 ## ntp-simple
 ntpd\[[0-9]+\]: synchronisation lost
 ntpd\[[0-9]+\]: synchronisation lost
@@ -337,9 +344,9 @@ snort: spp_portscan: portscan status from
 snort: WEB-../..:
 snort: WEB-CGI-upload.pl:
 ## postgres
-postgres\[[0-9]+\]: \[.*\] DEBUG:
-postgres\[[0-9]+\]: \[[0-9-]*\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
-postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
+postgres\[[0-9]+\]: \[[0-9-]+\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
 ## amavis
 amavis\[[0-9]+\]: warning - MIME::Parser error: .*
 ### ignore.d.server/ucd-snmp
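Review bot: The rules added under `## Non-UDMA hd cable` and `## Postfix SASL not working` in the first hunk suppress fault messages rather than routine chatter. Once merged, `hda: status timeout`, `hda: no DRQ after issuing WRITE` and `unable to open Berkeley db /etc/sasldb` stop being reported on every host that installs this server-level file, not only on the machine with the known cable or SASL problem. A failing disk or a missing authentication database on another host would then go unreported. I would keep these in a host-local ignore file, or at least mark them as temporary with a comment naming the affected host and the removal condition, e.g. `## TEMPORARY, host <HOSTNAME>: drop once the IDE cable is replaced`. The braces in `{ Busy }` are also unescaped and rely on the grep in use treating a non-interval `{` as a literal; `\{ Busy \}` states the intent explicitly.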
@@ -347,7 +354,7 @@ ucd-snmp\[[0-9]+\]: Connection from .*
 ### ignore.d.server/uw-imap.changes
 i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)
 i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
 imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-- cgit v1.2.3
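Review bot: `NON-IPv4` is accepted only in the changed `Killed \(lost mailbox lock\)` rule, while the sibling rules visible as context (Login/Auth/Logout, Broken pipe/Connection reset, Moved, No route to host) still end in `\[[\.0-9]+\]|UNKNOWN)`. The same daemon's other messages from such a host will therefore keep showing up in reports. If leaving logins from non-IPv4 peers visible is deliberate, a comment such as `# NON-IPv4 accepted for lock-loss only; logins from such hosts stay reported` would record that; otherwise the alternation should be applied to all of these rules for consistency. Independently, `user=.*` followed by an unanchored `host=(...)` lets the rule match a line with extra trailing text, so ending it with `|NON-IPv4|UNKNOWN)$` would be tighter.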