[Logcheck-devel] Bug#499323: Additional regular expressions for openvpn/logcheck

[Stefan Tomanek]

I've created some additional regular expressions for use with
logcheck and openVPN; The existing ones do not expect OpenVPN to
log the clients name and address, which these do:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Data Channel (En|De)crypt: Cipher '[[:alnum:]-]+' initialized with [0-9]+ bit key$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Data Channel (En|De)crypt: Using [0-9]+ bit message hash '[[:alnum:]-]+' for HMAC authentication$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?TLS: Username/Password authentication succeeded for username '\w+' (\[CN SET\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Control Channel: TLSv1, cipher TLSv1/SSLv3 [[:alnum:]-]+, [0-9]+ bit RSA$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?(Data|Control) Channel MTU parms \[[[:upper:]:0-9 ]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?(Local|Expected Remote) Options hash \(VER=V[0-9]+\): '[0-9a-f]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Peer Connection Initiated with [0-9.]{7,15}:[0-9]+$

I hope these get integrated in a future update of logcheck-database.