logcheck/violations.ignore.d/local



### violations.ignore.d/bind
named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
### violations.ignore.d/dhcp-client
dhcpd-2.2.x: (send_packet|fallback_discard): Connection refused
dhclient-2.2.x: receive_packet failed on eth[0-9]: Network is down
### violations.ignore.d/misc
# This one shows up with firewalls blocking SMB ports non-silently
kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
### violations.ignore.d/netsaint
netsaint: SERVICE ALERT:.*;PING;CRITICAL;.*;PING CRITICAL - Packet loss =.*%, RTA =.*ms
netsaint: SERVICE ALERT:.*;ROUTER;CRITICAL;.*;CRITICAL - Plugin timed out after 10 seconds
netsaint: SERVICE ALERT:.*;ROUTER;OK;.*;PING OK - Packet loss =.*%, RTA =.*ms
netsaint: SERVICE FLAPPING ALERT:.*;PING;STOPPED; Service appears to have stopped flapping (.*% change < .*% threshold)
netsaint: SERVICE FLAPPING ALERT:.*;PING;STARTED; Service appears to have started flapping (.*% change >.*% threshold)
netsaint: SERVICE ALERT: mail;SMTP;CRITICAL;.*;Connection refused by host
netsaint: SERVICE NOTIFICATION:.*;CRITICAL;notify-by-.*;Connection refused by host
netsaint: SERVICE ALERT: mail;SMTP;OK;.* OK - 0 second response time 
netsaint: HOST ALERT:.*;DOWN;SOFT;.*;CRITICAL.*
netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
### violations.ignore.d/pmud
pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request
### violations.ignore.d/postfix
postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+@Debug>
postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\)
postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\)
postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+)\)
postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\)
postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 550 <[^[:space:]]+>: User unknown; from=<[^[:space:]]+> to=<[^[:space:]]+>
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]]+> to=<[^[:space:]]+>
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 554 <[^[:space:]]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]]+> to=<[^[:space:]]+>
postfix/smtpd\[[0-9]+\]: warning: .*: hostname .* verification failed: Host not found
postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
### violations.ignore.d/proftpd
proftpd\[[0-9]+\]: .* \(.*\) - USER anonymous \(Login failed\): Can't find user\.
### violations.ignore.d/samba
smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)
### violations.ignore.d/ssh
sshd\[[0-9]+\]: Failed keyboard-interactive for [[:alnum:]]+ from [\.0-9]+ port [0-9]+ ssh2
### violations.ignore.d/temp
afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied
afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
afpd\[[0-9]+\]: bad function 7A
afpd\[[0-9]+\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\)
afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied
afpd\[[0-9]+\]: error removing /.+/net[\.0-9]+node[0-9]+: Permission denied
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
portsentry\[[0-9]+\]: attackalert: .*
smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
smbd\[[0-9]+\]:   read_socket_data: recv failure for 4. Error = No route to host
smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\.
sshd\[[0-9]+\]: Failed password for .*
pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
postfix/smtpd\[[0-9]+\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
postfix.*\[[0-9]+\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
snort: spp_http_decode: IIS Unicode attack detected: