[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server

CVS User madduck logcheck-devel at lists.alioth.debian.org
Tue Jul 4 22:30:06 UTC 2006


Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv19277/rulefiles/linux/ignore.d.server

Modified Files:
	ssh 
Log Message:
   * ignore.d.server/ssh: ignore messages about missing shadow information
     for NOUSER (when there was a NULL user passed in the SSH protocol).
   * ignore.d.server/ssh: make sure that we never get bothered by scans again
     (closes: #376461, #354820).
   * ignore.d.server/ssh: ignore SSH disconnects (closes: #376474).


--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh	2005/10/15 14:06:13	1.14
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh	2006/07/04 22:30:06	1.15
@@ -1,13 +1,16 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi(-with-mic)?|rsa|dsa|password|publickey|keyboard-interactive/pam) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Server listening on [.0-9]+ port 22\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Server listening on [:[:xdigit:].]+ port 22\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [.0-9]+: [0-9]+: Client disconnect
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [0-9.]{7,15}: [0-9]+: Disconnect requested by Windows SSH Client\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [:[:xdigit:].]+: [0-9]+: Client disconnect
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [:[:xdigit:].]+: [0-9]+: Disconnect requested by Windows SSH Client\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from (::ffff:)?[.[:digit:]]+: [12]: Timeout, server not responding\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].]+ \([:[:alnum:].]+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Timeout before authentication for [:[:alnum:].]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [0-9]+ attempt\(s\))$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from (::ffff:)?[:0-9a-f.]{7,15}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from ([:[:xdigit:].]|UNKNOWN)+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Could not get shadow information for NOUSER$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from (::ffff:)?[.[:digit:]]+$
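Review bot: The two added rules for "Timeout, server not responding" and "Bad protocol version identification" match the peer address as `(::ffff:)?[.[:digit:]]+`, which covers only IPv4 and IPv4-mapped addresses, while the other rules changed in this hunk were widened to `[:[:xdigit:].]+`. Native IPv6 peers will therefore still be reported for these two messages. Suggest using `[:[:xdigit:].]+` in both so the address handling is consistent across the file. In the "Did not receive identification string" rule, `([:[:xdigit:].]|UNKNOWN)+` places the repetition outside the alternation, so it accepts any mix of address characters and repeated "UNKNOWN"; `([:[:xdigit:].]+|UNKNOWN)` is tighter and says what is meant. The rewritten "Client disconnect" rule still has no trailing `$`, so any text after that phrase is ignored too; either anchor it or add a comment explaining why the tail is left open. The new rules also switch from `0-9` to `[:digit:]`, which is worth settling on one style for the file.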


