summaryrefslogtreecommitdiff
path: root/logcheck/ignore.d.server/tmp
blob: a06f2c48c848e73667d42c853c5ba16e678a700a (plain) 
    

  1. ## imp
    2. 

  2. IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
    3. 

  3. ## libpam-modules
    4. 

  4. PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
    5. 

  5. # old-style pam entries (no longer provided by logcheck but needed on woody)
    6. 

  6. PAM_.*: .* session (opened|closed) for user .*
    7. 

  7. ## netatalk
    8. 

  8. afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
    9. 

  9. afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
    10. 

  10. afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
    11. 

  11. afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
    12. 

  12. afpd\[[0-9]+\]: bad function 7A
    13. 

  13. atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
    14. 

  14. ## hylafax-server
    15. 

  15. FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
    16. 

  16. gnome-name-server\[[0-9]+\]: server_is_alive: .*
    17. 

  17. ## uw-imap
    18. 

  18. i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
    19. 

  19. ## ppp
    20. 

  20. ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[0-9], fd: 12
    21. 

  21. ## misc
    22. 

  22. kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
    23. 

  23. kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
    24. 

  24. kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
    25. 

  25. kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
    26. 

  26. kernel: Shorewall:net2all:DROP:.*$
    27. 

  27. kernel: lp[0-9]: compatibility mode
    28. 

  28. kernel: Undo( partial)? (Hoe|loss|retrans)
    29. 

  29. printer: offline or intervention needed
    30. 

  30. ## Non-UDMA hd cable
    31. 

  31. kernel: hda: status timeout: status=0xd0 \{ Busy \}
    32. 

  32. kernel: hda: no DRQ after issuing WRITE
    33. 

  33. kernel: ide0: reset: success
    34. 

  34. ## Postfix SASL not working
    35. 

  35. postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory
    36. 

  36. ## ntp-simple
    37. 

  37. ntpd\[[0-9]+\]: synchronisation lost
    38. 

  38. ntpd\[[0-9]+\]: synchronisation lost
    39. 

  39. ntpd\[[0-9]+\]: time reset [\.0-9-]* .
    40. 

  40. ntpd\[[0-9]+\]: time reset [\.0-9-]+ s
    41. 

  41. ## portsentry
    42. 

  42. portsentry\[[0-9]+\]: attackalert: .*
    43. 

  43. ## pump
    44. 

  44. pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
    45. 

  45. ## samba
    46. 

  46. smbd\[[0-9]+\]:   process_local_message: unknown UDP message command code \([0-9a-f]{4}\) - ignoring. $
    47. 

  47. smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
    48. 

  48. smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
    49. 

  49. smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\. $
    50. 

  50. smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:find_service))\([0-9]+\) $
    51. 

  51. ## ssh
    52. 

  52. sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
    53. 

  53. sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
    54. 

  54. ## postfix
    55. 

  55. postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
    56. 

  56. postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
    57. 

  57. ## Tulle getting spammed
    58. 

  58. tulle postfix/smtpd\[[0-9]+\]: too many errors after RCPT from unknown\[\.0-9]+[\]
    59. 

  59. rpc.mountd: authenticated mount request from .* for .*
    60. 

  60. ## snort
    61. 

  61. snort: .*FrontPage
    62. 

  62. snort: IDS015 - RPC - portmap-request-status:
    63. 

  63. snort: IDS029 - SCAN-Possible Queso Fingerprint attempt:
    64. 

  64. snort: IDS115 - MISC-Traceroute-UDP:
    65. 

  65. snort: IDS212 - MISC - DNS Zone Transfer:
    66. 

  66. snort: IDS226 - CVE-1999-0172 - CGI-formmail:
    67. 

  67. snort: IDS246 - MISC - Large ICMP Packet:
    68. 

  68. snort: IIS-
    69. 

  69. snort: MISC-Attempted Sun RPC high port access:
    70. 

  70. snort: NETBIOS-SMB-C:
    71. 

  71. snort: NETBIOS-SMB-CD...:
    72. 

  72. snort: NMAP TCP ping!:
    73. 

  73. snort: RPC Info Query:
    74. 

  74. snort: SCAN-SYN FIN:
    75. 

  75. snort: spp_http_decode: IIS Unicode attack detected:
    76. 

  76. snort: spp_portscan: End of portscan
    77. 

  77. snort: spp_portscan: PORTSCAN DETECTED
    78. 

  78. snort: spp_portscan: portscan status from
    79. 

  79. snort: WEB-../..:
    80. 

  80. snort: WEB-CGI-upload.pl:
    81. 

  81. ## postgres
    82. 

  82. postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
    83. 

  83. postgres\[[0-9]+\]: \[[0-9-]+\]  Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
    84. 

  84. postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
    85. 

  85. ## amavis
    86. 

  86. amavis\[[0-9]+\]: warning - MIME::Parser error: .*
    87.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 15:12:49 +0000