IMP\[.*\]: FAILED .* to .*:143 as .*
PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
afpd\[.*\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
afpd\[.*\]: bad function 7A
atalkd\[.*\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
FaxGetty\[.*\]: ANSWER: Can not lock modem device
gnome-name-server\[.*\]: server_is_alive: .*
i(map|pop3)d\[.*\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
ipppd\[.*\]: Connect\[0\]: /dev/ippp[[:digit:]], fd: 12
kernel: Disorder[[:digit:]] [[:digit:]] [[:digit:]] f[[:digit:]] s[[:digit:]] rr[[:digit:]]
kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
kernel: OPEN: [\.[:digit:]]* -> [\.[:digit:]]* UDP, port: [[:digit:]]* -> [[:digit:]]*
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
kernel: lp[[:digit:]]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
ntpd\[.*\]: synchronisation lost
ntpd\[.*\]: synchronisation lost
ntpd\[.*\]: time reset [\.[:digit:]-]* .
ntpd\[.*\]: time reset [\.[:digit:]-]+ s
portsentry\[.*\]: attackalert: .*
pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
smbd\[.*\]:   read_socket_data: recv failure for 4. Error = No route to host
smbd\[.*\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
smbd\[.*\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\.
smbd\[.*\]: \[.*\] smbd/connection.c:yield_connection\([[:digit:]]+\)
smbd\[.*\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\)
sshd\[.*]: Failed password for .*
sshd\[.*\]: packet_set_maxsize: setting to 4096
dhcpd-2.2.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71)
dhcpd-2.2.x: No applicable record for BOOTP host (00:20:6b:18:20:35|08:00:86:11:2b:71)
postfix.*\[.*\]: .* from=<groove@mailomat.grooveattack.com>
postfix/smtpd\[.*\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.[:digit:]]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
rpc.mountd: authenticated mount request from .* for .*
snort: .*FrontPage
snort: IDS015 - RPC - portmap-request-status:
snort: IDS029 - SCAN-Possible Queso Fingerprint attempt:
snort: IDS115 - MISC-Traceroute-UDP:
snort: IDS212 - MISC - DNS Zone Transfer:
snort: IDS226 - CVE-1999-0172 - CGI-formmail:
snort: IDS246 - MISC - Large ICMP Packet:
snort: IIS-
snort: MISC-Attempted Sun RPC high port access:
snort: NETBIOS-SMB-C:
snort: NETBIOS-SMB-CD...:
snort: NMAP TCP ping!:
snort: RPC Info Query:
snort: SCAN-SYN FIN:
snort: spp_http_decode: IIS Unicode attack detected:
snort: spp_portscan: End of portscan
snort: spp_portscan: PORTSCAN DETECTED
snort: spp_portscan: portscan status from
snort: WEB-../..:
snort: WEB-CGI-upload.pl:
postgres\[.*\]: \[.*\] DEBUG:
postgres\[.*\]: \[[0-9-]*\]  Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
postgres\[.*\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
printer: offline or intervention needed