[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server
CVS User maks-guest
logcheck-devel@lists.alioth.debian.org
Tue, 19 Oct 2004 08:58:52 -0600
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv7814/rulefiles/linux/ignore.d.server
Modified Files:
bind courier dhcp nagios ntp openvpn postfix squid ssh uptimed
Added Files:
cpqarrayd jabberd slapd smartd smokeping thy
Log Message:
add _lots_ of new rules from weasel@debian.org. woow!
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/bind 2004/07/24 07:11:36 1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/bind 2004/10/19 14:58:52 1.3
@@ -1,2 +1,3 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone [._[:alnum:]-]+/IN: transferred serial [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: received notify for zone '[._[:alnum:]-]+'$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/courier 2004/08/12 13:36:16 1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/courier 2004/10/19 14:58:52 1.3
@@ -1,8 +1,11 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): Connection, ip=\[[.:[:alnum:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)(login|d-ssl): LOGIN, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], protocol=IMAP$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): LOGOUT, ip=\[[.:[:alnum:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): DISCONNECTED, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): DISCONNECTED, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3(login|d-ssl): (LOGOUT|TIMEOUT), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], top=[0-9]+, retr=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: couriertls: read: Connection reset by peer$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): (LOGOUT|DISCONNECTED), user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+, time=[0-9]+, starttls=[01]$
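Review bot: The added LOGIN rule accepts `protocol=IMAP` only, although its daemon alternation `(imap|pop3)(login|d-ssl)` also covers the POP3 daemons, so a POP3 login that carries a protocol field would still be reported. The field is presumably `protocol=POP3` there, which should be confirmed against a real log line; if so, ending the rule with `protocol=(IMAP|POP3)$` covers both. The added `time=[0-9]+, starttls=[01]` rule is likewise written for `imap(login|d-ssl)` only, so the POP3 LOGOUT/TIMEOUT rule may need the same extension.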
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/dhcp 2004/10/13 13:49:09 1.14
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/dhcp 2004/10/19 14:58:52 1.15
@@ -21,7 +21,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPINFORM from [.0-9]+ via [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPRELEASE of [.0-9]+ from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [[:alnum:]]+ \((not |)found\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK to [.0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: pool [0-9a-f]{7} [.0-9]+/[:[:alnum:]]+ total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: pool [0-9a-f]{7} [.0-9]+/[:[:alnum:]]+ total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+$
+
# Dyndns support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Can't update forward map [._[:alnum:]-]+ to [.0-9]+: no such RRset$
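Review bot: The line added after the `pool` rule is empty, and an empty pattern handed to `egrep -f` matches every input line. Unless logcheck strips blank lines from rule files before using them (not visible in this commit, worth confirming), this single line would make the server level ignore all log messages, not only dhcpd ones. Dropping the blank line and relying on the existing `# Dyndns support` comment as the separator avoids depending on that behaviour.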
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/nagios 2004/08/14 11:46:22 1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/nagios 2004/10/19 14:58:52 1.3
@@ -1,2 +1,16 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Auto-save of retention data completed successfully.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: LOG ROTATION: (DAILY|WEEKLY|MONTHLY)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Nagios 1\.1 starting\.\.\. \(PID=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE ALERT: [._[:alnum:]-]+;[^;]+;CRITICAL;(SOFT|HARD);.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE ALERT: [._[:alnum:]-]+;[^;]+;WARNING;(SOFT|HARD);.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE ALERT: [._[:alnum:]-]+;[^;]+;OK;(SOFT|HARD);.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;[^;]+;CRITICAL;.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;[^;]+;WARNING;.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;[^;]+;OK;.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST ALERT: [._[:alnum:]-]+;DOWN;(SOFT|HARD);.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST ALERT: [._[:alnum:]-]+;UP;(SOFT|HARD);.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;DOWN;.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;UP;.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST DOWNTIME ALERT: [._[:alnum:]-]+;STOPPED;.*$
+# nrpe
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nrpe\[[0-9]+\]: Error: Could not complete SSL handshake. 5$
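Review bot: The `nrpe` rule at the end of this hunk ignores every `Could not complete SSL handshake` error, which from the message text appears to be logged for any peer that connects to the agent and fails the handshake, not only for the monitoring server. On a server profile that line is one of the few traces of an unexpected host talking to NRPE, so it may fit better in `ignore.d.workstation`, or at least deserves a comment above it stating which benign case it is meant to silence. The `.` in `handshake. 5` is also unescaped and should be `handshake\. 5$`. Separately, `Nagios 1\.1 starting` pins one release; `Nagios [0-9.]+ starting\.\.\. \(PID=[0-9]+\)$` would keep matching after an upgrade.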
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ntp 2004/07/27 17:59:42 1.5
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ntp 2004/10/19 14:58:52 1.6
@@ -3,5 +3,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers reachable$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronized to [0-9.]{7,15}, stratum [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronized to LOCAL\([0-9]+\), stratum [0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync disabled [0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync (disabled|enabled) [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: precision = [0-9]+\.[0-9]+ usec$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/openvpn 2004/06/12 15:50:58 1.4
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/openvpn 2004/10/19 14:58:52 1.5
@@ -12,7 +12,16 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: Local Options hash \(VER=V3\): '[0-9a-f]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: (Local|Expected Remote) Options hash \(VER=V3\): '[0-9a-f]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: UDPv4 link (local \(bound\)|remote): (\[undef\]|[._[:alnum:]-]+):[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS: tls_multi_process: untrusted session promoted to trusted$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS: tls_multi_process: killed expiring key$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS: tls_pre_decrypt: first response to initial packet from [0-9.]{7,15}:[0-9]+, sid=[0-9a-f]+ [0-9a-f]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS: tls_pre_decrypt: new session incoming connection from [0-9.]{7,15}:[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS: tls_process: killed expiring key$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS: soft reset sec=[0-9]+ bytes=[0-9]+/[0-9]+ pkts=[0-9]+/[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: TLS Error: Unknown data channel key ID or IP address received from [0-9.]{7,15}:[0-9]+: [0-9]+ \(see FAQ for more info on this error\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: read UDPv4 \[EHOSTUNREACH\]: No route to host \(code=113\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: read UDPv4 \[EHOSTUNREACH\|EHOSTUNREACH\]: No route to host \(code=113\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: read UDPv4 \[EHOSTUNREACH\|EHOSTUNREACH\|EHOSTUNREACH\]: No route to host \(code=113\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]+\[[0-9]+\]: Adaptive compression state (OFF|ON)$
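Review bot: The three added `read UDPv4 \[EHOSTUNREACH...\]` rules differ only in how many times the error name is repeated, and a line with a fourth repetition would not match any of them. One rule with a repeat group replaces all three: `read UDPv4 \[EHOSTUNREACH(\|EHOSTUNREACH)*\]: No route to host \(code=113\)$`. This also keeps the file shorter to audit.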
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/postfix 2004/10/19 09:48:20 1.30
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/postfix 2004/10/19 14:58:52 1.31
@@ -3,6 +3,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: message-id=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: removed$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: connect to [^[:space:]]+: (Connection timed out|read timeout|Connection refused)\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: Host or domain name not found. Name service error for name=[^[:space:]]+ type=MX: Host not found, try again\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: message-id=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: verify error:num=10:certificate has expired$
@@ -10,6 +11,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: verify error:num=19:self signed certificate in certificate chain$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: verify error:num=20:unable to get local issuer certificate$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: verify error:num=21:unable to verify the first certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: verify error:num=24:invalid CA certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: verify error:num=26:unsupported certificate purpose$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: verify error:num=27:certificate not trusted$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: cert has expired$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: Peer certificate could not be verified$
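Review bot: The two added `verify error` rules (num=24 and num=26) match `postfix/smtpd` only, while every neighbouring `verify error` rule in this hunk uses `postfix/(smtp|smtpd)`. If the client side can log the same verify codes, which seems likely given that the other codes are matched for both daemons, the outgoing case will still be reported. Writing both lines with `postfix/(smtp|smtpd)\[[0-9]+\]:` keeps the block consistent.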
@@ -53,10 +56,11 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: malformed domain name in resource data of CNAME record for [^[:space:]]+: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: timeout after (HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE) from [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [.0-9]+ in address->name lookup for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL command: .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from [._[:alnum:]-]+\[[0-9.]{7,15}\]: -1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+(\]|\[[^[:space:]]+\]), delay=[0-9]+, status=sent \(250 [0-9\.]+ Ok(, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+)*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9.]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [.0-9]+ as permitted sender$
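Review bot: The widened class in `sasl_method=[-[:alnum:]]+` still leaves out `_`, which SASL mechanism names may contain (RFC 4422 allows upper-case letters, digits, hyphen and underscore); `sasl_method=[-_[:alnum:]]+` covers the full set. The added `SSL_accept error from` rule writes the peer address as `\[[0-9.]{7,15}\]`, while the two rules just above it use four `[0-9]{1,3}` groups. Either form works for IPv4, but one style per file is easier to audit.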
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/squid 2004/08/14 11:46:22 1.5
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/squid 2004/10/19 14:58:52 1.6
@@ -48,5 +48,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: +store_swap_size = [0-9]+k$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: storeLateRelease: released [0-9]+ objects$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: +[0-9]+ entries written so far\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: urlParse: Illegal character in hostname '.*'$
# squidguard
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ 'squidGuard' processes$
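Review bot: The added `urlParse: Illegal character in hostname '.*'$` rule ignores a message whose quoted part comes from the client's request, so at server level malformed-URL requests through the proxy would no longer reach the report. If the aim is only to silence noise from ordinary browsers, `ignore.d.workstation` may be the better place for it. Otherwise a comment above the rule would record the decision, for example `# client sent a URL with an invalid hostname; considered noise`.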
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh 2004/05/17 17:49:12 1.4
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh 2004/10/19 14:58:52 1.5
@@ -3,3 +3,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Server listening on [.0-9]+ port 22\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [.0-9]+: [0-9]+: Client disconnect
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/uptimed 2004/04/26 19:33:51 1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/uptimed 2004/10/19 14:58:52 1.3
@@ -1,2 +1,3 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ uptimed: moving up to position [0-9]+: [0-9]+ day[s ], [:0-9]{8}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ uptimed: milestone: [0-9]+ day[s ], [:0-9]{8} \([[:alnum:] ]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ uptimed: new uptime record: .*$