path: root/logcheck/ignore.d.server/tmp

## imp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
## libpam-modules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: check pass; user unknown$
# old-style pam entries (no longer provided by logcheck but needed on woody)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_.*: .* session (opened|closed) for user .*
## hylafax-server
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-name-server\[[0-9]+\]: server_is_alive: .*
## uw-imap
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
## ppp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[0-9], fd: 12
## misc
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:net2all:DROP:.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: lp[0-9]: compatibility mode
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Undo( partial)? (Hoe|loss|retrans)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: offline or intervention needed
## Printer and Windows PC at Homebase ignoring change of DHCP (192.168.101 -> 192.168.1)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:all2all:REJECT:.*SRC=192.168.103.17 DST=192.168.101.2 .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:all2all:REJECT:.*SRC=192.168.103.248 DST=192.168.101.22 .*$
## Non-UDMA hd cable
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hda: status timeout: status=0xd0 \{ Busy \}
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hda: no DRQ after issuing WRITE
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ide0: reset: success
## Postfix SASL not working
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory
## ntp-simple
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [\.0-9-]* .
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [\.0-9-]+ s
## portsentry
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
## pump
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
## samba
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   process_local_message: unknown UDP message command code \([0-9a-f]+\) - ignoring. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out)) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   [^[:space:]]+ \([\.0-9]+\) couldn't find service c $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:  api_srv_net_share_add: Failed to unmarshall SRV_Q_NET_SHARE_ADD. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:  prs_mem_get: reading data of size 4 would overrun buffer. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_(pipe.c:api_rpcTNP|srvsvc.c:api_srv_net_share_add))\([0-9]+\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:(find_service|make_connection))\([0-9]+\) $
## postgres
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] LOG:  connection received: host=\[local\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] LOG:  connection authorized: user=postgres database=template1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\]  Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
## amavis
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: warning - MIME::Parser error: .*
## Misc entries on Gibraltar (using older logcheck and syslog...)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ -- MARK -- $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck\) $
## SSH
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for illegal user [^[:space:]]+ from [.0-9]+( port [0-9]+ ssh2)?$