From ccb921c89ff53e44142a1a027c0a30d4d0e480e6 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Thu, 24 Oct 2002 12:14:22 +0000
Subject: logcheck: Update local-files.

---
 logcheck/ignore.d.workstation/local | 53 +++++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 20 deletions(-)

(limited to 'logcheck/ignore.d.workstation')

diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index b8e24b0..2c6e418 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -2,11 +2,11 @@
 amandad\[[0-9]+\]: connect from
 ### ignore.d.server/amavis
 amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+
-amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[0-9-]+(\.gz)?
+amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?
 amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
 amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
 amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+>
-amavis\[[0-9]+\]: warning - MIME::Parser error: unexpected end of header
+amavis\[[0-9]+\]: warning - MIME::Parser error: .*
 ### ignore.d.server/anacron
 anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
 anacron\[[0-9]+\]: Normal exit
@@ -51,20 +51,35 @@ imapd-ssl: DISCONNECTED, user=.*, ip=\[::ffff:.*\]
 ircd\[[0-9]+\]: ircd exiting: autodie
 ircd\[[0-9]+\]: Server Ready
 (ircd\[[0-9]+\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
-### ignore.d.server/dhcp
-dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer
 ### ignore.d.server/dhcp-client
 dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)?
 dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+
 dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.
 dhclient(-2.2.x)?: irda0: unknown hardware address type 783
+### ignore.d.server/dhcp.changes
+# NB: dhcp3 entries are in dhcp3-common
+dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-e]+ via eth[0-9]+ \(found\)
+dhcpd-2.2.x: DHCPREQUEST for .* from .* via
+dhcpd-2.2.x: DHCPACK on .* to .* via
+dhcpd-2.2.x: DHCPDISCOVER from .* via
+dhcpd-2.2.x: DHCPOFFER on .* to .* via
+dhcpd-2.2.x: BOOTREQUEST from [:0-9a-f]+
 ### ignore.d.server/dhcp3-common
+dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
+dhcpd: BOOTREQUEST from
+dhcpd: DHCPACK on [\.0-9]+ to [:0-9a-f]+ via
 dhcpd: DHCPACK to [\.0-9]+
+dhcpd: DHCPDISCOVER from [:0-9a-f]+ via
+dhcpd: DHCPINFORM from
+dhcpd: DHCPNAK on
+dhcpd: DHCPOFFER on [\.0-9]+ to [:0-9a-f]+ via
+dhcpd: DHCPRELEASE of [\.0-9]+
+dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+ via
 dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
 dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
 dhcpd: accepting packet with data after udp payload.
 dhcpd: ip length 576 disagrees with bytes received 590.
-dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
 ### ignore.d.server/gdm
 gdm\[[0-9]+\]: run_pictures: .*/.gnome/gdm .*\.
 ### ignore.d.server/gdm.da_DK
@@ -203,13 +218,14 @@ chat\[[0-9]+\]: CONNECT
 chat\[[0-9]+\]: OK
 chat\[[0-9]+\]: send \(\\d\)
 ### ignore.d.server/proftpd
-proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - FTP session opened\.
-proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\.
-proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+
-proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?'
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP session opened\.
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\.
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]]+\[[\.0-9]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?'
 proftpd\[[0-9]+\]: connect from [\.0-9]+
 proftpd\[[0-9]+\]: No certificate files found!
-proftpd\[[0-9]+\]:.* (.*\[.*\]) - Refused PORT.* (address mismatch)\.
+proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\.
 ### ignore.d.server/samba
 smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)
 smbd\[[0-9]+\]: \[[/0-9]+ [:0-9]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\)
@@ -292,9 +308,6 @@ smbd\[[0-9]+\]: \[.*\] smbd/connection.c:yield_connection\([0-9]+\)
 smbd\[[0-9]+\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([0-9]+\)
 sshd\[[0-9]+\]: Failed password for .*
 sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096
-## dhcp
-dhcpd-2.2.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71)
-dhcpd-2.2.x: No applicable record for BOOTP host (00:20:6b:18:20:35|08:00:86:11:2b:71)
 ## postfix
 postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
 postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
@@ -329,17 +342,17 @@ postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/
 ucd-snmp\[[0-9]+\]: Connection from .*
 ### ignore.d.server/uw-imap.changes
 imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
-imapd\[[0-9]+\]: No route to host, while reading line user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to .* from .* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
-i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
+imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to .* from .* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+
 ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+
-ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
+ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 ipop3d\[[0-9]+\]: Expunge ignored on readonly mailbox
 ipop3d\[[0-9]+\]: Mailbox is open by another process, access is readonly
-ipop3d\[[0-9]+\]: Moved .* bytes of new mail to .* from .* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
+ipop3d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 ### ignore.d.workstation/bind
 named\[[0-9]+\]: ns_forw: sendto.*: Network is unreachable
 ### ignore.d.workstation/devfsd
-- 
cgit v1.2.3