From 507e1af6322e48cb9a909feafdcc2510f515ea97 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sun, 8 Dec 2002 13:38:20 +0000
Subject: Misc cleanup (spaces and other cruft at end-of-line, and a few
 added/corrected entries here and there).

---
 logcheck/ignore.d.server/anacron         |  2 +-
 logcheck/ignore.d.server/hylafax-server  |  4 ++--
 logcheck/ignore.d.server/local           | 22 +++++++++++++---------
 logcheck/ignore.d.server/nagios          |  2 +-
 logcheck/ignore.d.server/netsaint        |  5 ++++-
 logcheck/ignore.d.server/proftpd         |  2 +-
 logcheck/ignore.d.server/tmp             |  5 +++--
 logcheck/ignore.d.server/uw-imap.changes |  2 +-
 logcheck/ignore.d.workstation/local      | 22 +++++++++++++---------
 logcheck/violations.ignore.d/local       |  1 +
 logcheck/violations.ignore.d/netsaint    |  1 +
 11 files changed, 41 insertions(+), 27 deletions(-)

(limited to 'logcheck')

diff --git a/logcheck/ignore.d.server/anacron b/logcheck/ignore.d.server/anacron
index 8ff87a9..e24ddc2 100644
--- a/logcheck/ignore.d.server/anacron
+++ b/logcheck/ignore.d.server/anacron
@@ -1,5 +1,5 @@
 anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?$
-anacron\[[0-9]+\]: Normal exit$
+anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)$
 anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+$
 anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.$
 anacron\[[0-9]+\]: Jobs will be executed sequentially$
diff --git a/logcheck/ignore.d.server/hylafax-server b/logcheck/ignore.d.server/hylafax-server
index f6fedfb..11821d8 100644
--- a/logcheck/ignore.d.server/hylafax-server
+++ b/logcheck/ignore.d.server/hylafax-server
@@ -2,9 +2,9 @@ Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING
 Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*$
 FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?$
 FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
-FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+" ""$
+FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
 FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
 FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
 FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
 HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index fd20c8c..d942973 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -10,7 +10,7 @@ amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:spa
 amavis\[[0-9]+\]: spam_scan: whitelisted sender <[^[:space:]]+>, spam check skipped$
 ### ignore.d.server/anacron
 anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?$
-anacron\[[0-9]+\]: Normal exit$
+anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)$
 anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+$
 anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.$
 anacron\[[0-9]+\]: Jobs will be executed sequentially$
@@ -110,9 +110,9 @@ Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING
 Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*$
 FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?$
 FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
-FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+" ""$
+FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
 FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
 FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
 FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
 HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
@@ -148,7 +148,7 @@ murasaki\.(usb|net)\[[0-9]+\]: Execuing "net" "(stop|start)"$
 murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]$
 murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+$
 ### ignore.d.server/nagios
-nagios: Auto-save of retention data completed successfully\.$
+nagios: Auto-save of retention data completed successfully\. $
 nagios: LOG ROTATION: DAILY$
 ### ignore.d.server/netatalk.changes
 afpd\[[0-9]+\]: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$
@@ -178,8 +178,11 @@ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [
 papd\[[0-9]+\]: child [0-9]+ done$
 papd\[[0-9]+\]: child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
 ### ignore.d.server/netsaint
-netsaint: Auto-save of retention data completed successfully\.$
 netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
+netsaint: Auto-save of retention data completed successfully\.$
+netsaint: Caught SIGTERM, shutting down\.\.\. $
+netsaint: Entering active mode\.\.\. $
+netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
 ### ignore.d.server/nfs-kernel-server
 mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
 mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
@@ -237,7 +240,7 @@ chat\[[0-9]+\]: CONNECT$
 chat\[[0-9]+\]: OK$
 chat\[[0-9]+\]: send \(\\d\)$
 ### ignore.d.server/proftpd
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\.$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+$
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+'$
@@ -297,9 +300,9 @@ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|p
 # old-style pam entries (no longer provided by logcheck but needed on woody
 PAM_.*: .* session (opened|closed) for user .*
 ## netatalk
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
 afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
 afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
 afpd\[[0-9]+\]: bad function 7A
 atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
@@ -315,6 +318,7 @@ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$
 kernel: lp[0-9]: compatibility mode
 kernel: Undo( partial)? (Hoe|loss|retrans)
 printer: offline or intervention needed
@@ -378,7 +382,7 @@ amavis\[[0-9]+\]: warning - MIME::Parser error: .*
 ucd-snmp\[[0-9]+\]: Connection from .*
 ### ignore.d.server/uw-imap.changes
 i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)$
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) nmsgs=[0-9]+/[0-9]+$
 i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
 i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
 imapd\[[0-9]+\]: (port (143|220)|imap|imaps SSL) service init from
diff --git a/logcheck/ignore.d.server/nagios b/logcheck/ignore.d.server/nagios
index 9d85d89..2ab0696 100644
--- a/logcheck/ignore.d.server/nagios
+++ b/logcheck/ignore.d.server/nagios
@@ -1,2 +1,2 @@
-nagios: Auto-save of retention data completed successfully\.$
+nagios: Auto-save of retention data completed successfully\. $
 nagios: LOG ROTATION: DAILY$
diff --git a/logcheck/ignore.d.server/netsaint b/logcheck/ignore.d.server/netsaint
index 8167301..879351c 100644
--- a/logcheck/ignore.d.server/netsaint
+++ b/logcheck/ignore.d.server/netsaint
@@ -1,2 +1,5 @@
-netsaint: Auto-save of retention data completed successfully\.$
 netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
+netsaint: Auto-save of retention data completed successfully\.$
+netsaint: Caught SIGTERM, shutting down\.\.\. $
+netsaint: Entering active mode\.\.\. $
+netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd
index a2a4cce..78a3df4 100644
--- a/logcheck/ignore.d.server/proftpd
+++ b/logcheck/ignore.d.server/proftpd
@@ -1,4 +1,4 @@
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\.$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+$
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+'$
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index b274fe9..d0537c1 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -5,9 +5,9 @@ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|p
 # old-style pam entries (no longer provided by logcheck but needed on woody
 PAM_.*: .* session (opened|closed) for user .*
 ## netatalk
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
 afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
 afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
 afpd\[[0-9]+\]: bad function 7A
 atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
@@ -23,6 +23,7 @@ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$
 kernel: lp[0-9]: compatibility mode
 kernel: Undo( partial)? (Hoe|loss|retrans)
 printer: offline or intervention needed
diff --git a/logcheck/ignore.d.server/uw-imap.changes b/logcheck/ignore.d.server/uw-imap.changes
index fbdd563..6fdbd1d 100644
--- a/logcheck/ignore.d.server/uw-imap.changes
+++ b/logcheck/ignore.d.server/uw-imap.changes
@@ -1,5 +1,5 @@
 i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)$
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) nmsgs=[0-9]+/[0-9]+$
 i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
 i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
 imapd\[[0-9]+\]: (port (143|220)|imap|imaps SSL) service init from
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index a89d585..8b15ef8 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -10,7 +10,7 @@ amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:spa
 amavis\[[0-9]+\]: spam_scan: whitelisted sender <[^[:space:]]+>, spam check skipped$
 ### ignore.d.server/anacron
 anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?$
-anacron\[[0-9]+\]: Normal exit$
+anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)$
 anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+$
 anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.$
 anacron\[[0-9]+\]: Jobs will be executed sequentially$
@@ -110,9 +110,9 @@ Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING
 Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*$
 FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?$
 FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+$
-FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+" ""$
+FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+"( "")+$
 FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake$
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION$
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION DEVICE '[^[:blank:]']+'$
 FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
 FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
 HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
@@ -148,7 +148,7 @@ murasaki\.(usb|net)\[[0-9]+\]: Execuing "net" "(stop|start)"$
 murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]$
 murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+$
 ### ignore.d.server/nagios
-nagios: Auto-save of retention data completed successfully\.$
+nagios: Auto-save of retention data completed successfully\. $
 nagios: LOG ROTATION: DAILY$
 ### ignore.d.server/netatalk.changes
 afpd\[[0-9]+\]: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$
@@ -178,8 +178,11 @@ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [
 papd\[[0-9]+\]: child [0-9]+ done$
 papd\[[0-9]+\]: child [0-9]+ for "[^[:space:]]+" from [\.0-9]+$
 ### ignore.d.server/netsaint
-netsaint: Auto-save of retention data completed successfully\.$
 netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
+netsaint: Auto-save of retention data completed successfully\.$
+netsaint: Caught SIGTERM, shutting down\.\.\. $
+netsaint: Entering active mode\.\.\. $
+netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
 ### ignore.d.server/nfs-kernel-server
 mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
 mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
@@ -237,7 +240,7 @@ chat\[[0-9]+\]: CONNECT$
 chat\[[0-9]+\]: OK$
 chat\[[0-9]+\]: send \(\\d\)$
 ### ignore.d.server/proftpd
-proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\.$
+proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session opened\. $
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\.$
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: no such user found from .*\[[\.0-9]+\] to [\.0-9]+$
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+'$
@@ -297,9 +300,9 @@ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|p
 # old-style pam entries (no longer provided by logcheck but needed on woody
 PAM_.*: .* session (opened|closed) for user .*
 ## netatalk
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
 afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
 afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
 afpd\[[0-9]+\]: bad function 7A
 atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
@@ -315,6 +318,7 @@ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
+kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=53 .*$
 kernel: lp[0-9]: compatibility mode
 kernel: Undo( partial)? (Hoe|loss|retrans)
 printer: offline or intervention needed
@@ -378,7 +382,7 @@ amavis\[[0-9]+\]: warning - MIME::Parser error: .*
 ucd-snmp\[[0-9]+\]: Connection from .*
 ### ignore.d.server/uw-imap.changes
 i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)$
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN) nmsgs=[0-9]+/[0-9]+$
 i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
 i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)$
 imapd\[[0-9]+\]: (port (143|220)|imap|imaps SSL) service init from
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index c5de5da..621ae62 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -32,6 +32,7 @@ netsaint: SERVICE NOTIFICATION:.*;CRITICAL;notify-by-.*;Connection refused by ho
 netsaint: SERVICE ALERT: mail;SMTP;OK;.* OK - 0 second response time 
 netsaint: HOST ALERT:.*;DOWN;SOFT;.*;CRITICAL.*
 netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
+netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $
 ### violations.ignore.d/pmud
 pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$
 ### violations.ignore.d/postfix
diff --git a/logcheck/violations.ignore.d/netsaint b/logcheck/violations.ignore.d/netsaint
index d8f83b2..0bc9d58 100644
--- a/logcheck/violations.ignore.d/netsaint
+++ b/logcheck/violations.ignore.d/netsaint
@@ -8,3 +8,4 @@ netsaint: SERVICE NOTIFICATION:.*;CRITICAL;notify-by-.*;Connection refused by ho
 netsaint: SERVICE ALERT: mail;SMTP;OK;.* OK - 0 second response time 
 netsaint: HOST ALERT:.*;DOWN;SOFT;.*;CRITICAL.*
 netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
+netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $
-- 
cgit v1.2.3