From b4aee7e9069efecfff7016bcdfcc8c776e847e86 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Sat, 26 Jan 2008 11:16:38 +0000
Subject: Update masterfiles.
---
 logcheck/ignore.d.server/local | 2 ++
 logcheck/violations.ignore.d/local | 8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)
(limited to 'logcheck')
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index cbbc5d9..632598f 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -82,6 +82,8 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: bound to [\.0-9]+ -- renewal in [0-9]+ seconds\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: IMAP\([^[:space:]]*\): Connection closed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap-login: Aborted login \(3 authentication attempts\): user=<[^[:space:]]*>, method=LOGIN, rip=127\.0\.0\.1, lip=127\.0\.0\.1, secured$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]] does not exist\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: Pingning af.* mislykkedes, deaktiver terminal!
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: \(child [0-9]+\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*$
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 1c0f46a..d733132 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
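Review bot: The added `imap-login: Aborted login \(3 authentication attempts\)` rule in logcheck/ignore.d.server/local drops failed IMAP logins from the report whenever `rip=127\.0\.0\.1`, and nothing in the file says which local client it is meant to cover. If a webmail front end or similar proxy on this host relays logins to dovecot (not visible in this diff), password guessing by remote users through it would arrive with that loopback address and stop being reported. The same applies to the new `dovecot-auth: \(pam_unix\) authentication failure ... rhost=127\.0\.0\.1` rule in the first hunk of logcheck/violations.ignore.d/local. I would add a comment line above each rule, e.g. `# loopback IMAP auth failures come from <local client>; its own log (<path>) records the real client address`, and confirm that such a log exists before relying on these rules.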
@@ -7,7 +7,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dccifd\[[0-9]+\]: [.0-9]+ rejected messages to [0-9]+ targets and discarded messages to [0-9]+ targets among [0-9]+ total since [/0-9]+ [:0-9]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x)?: (send_packet|fallback_discard): Connection refused$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xayide dovecot\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= $
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=[^[:space:]]* rhost=127\.0\.0\.1 user=[^[:space:]]*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ failed: Operation not permitted; uid=[0-9]+ euid=[0-9]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
@@ -46,9 +46,9 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: ((to|relay|delay|delays|dsn)=[^[:space:]]+, )status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): ([^[:space:]]+=[^[:space:]]+, )*(from|helo|message-id|to)=<[^>]*(attack|BAD|debug|denied|deny|error|expn|promisc|refused)[^>]*>.*$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|promisc|refused)[^[:space:]]* has a valid A record$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp+\[[0-9]+\]: connect to [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|promisc|refused)[^[:space:]]*:.*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): ([^[:space:]]+=[^[:space:]]+, )*(from|helo|message-id|to)=<[^>]*(DEBUG|ERROR|EXPN|FAILURE|Failed|ILLEGAL|PERMITTED|REFUSED|VRFY|BAD|debug|denied|deny|expn|failed|failure|illegal|permitted|promisc|reject|rexec|rshd|securityalert|setsender|shutdown|smrsh|sucked|unapproved|unauthorized|vrfy)[^>]*>.*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]* has a valid A record$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp+\[[0-9]+\]: connect to [^[:space:]]*(DEBUG|ERROR|EXPN|FAILURE|Failed|ILLEGAL|PERMITTED|REFUSED|VRFY|BAD|debug|denied|deny|expn|failed|failure|illegal|permitted|promisc|reject|rexec|rshd|securityalert|setsender|shutdown|smrsh|sucked|unapproved|unauthorized|vrfy)[^[:space:]]*:.*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ 
smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) ?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer ?$ -- cgit v1.2.3
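Review bot: The two widened keyword rules in this hunk match on text the remote side chooses, namely the `(from|helo|message-id|to)=<...>` value and the host in `connect to [^[:space:]]*(...)`, and the first one ends in `.*$`. Any postfix line whose address or host name contains one of the listed words is therefore taken out of the violations layer as a whole, including whatever else the line reports after the `>`. Whether such a line still shows up as a system event depends on ignore.d rules that are not part of this diff. The long alternation is also duplicated verbatim in both rules and presumably has to track the violations keyword list by hand; the new list no longer contains lowercase `attack`, `error` or `refused`, which the removed lines had. I would add a comment above the group, e.g. `# keyword list copied from <violations keyword file>; matched lines must still reach the system-events report`, so the next edit keeps the two copies and the source list in step.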