Revision bee22da5

ID bee22da5debe1d21741ae7b05265966e862725c5
Parent 5eb4ca9b
Child fd806bc1

Added by Marc Dequènes 6 months ago

updated logcheck rules #4

View differences:

ansible/roles/dc-base/files/logcheck/ignore.d.server/dc
27 27
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: managesieve\([-_.[:alnum:]]+\): sieve-storage: quota: (storage limit|script count limit):
28 28
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (managesieve|imap|pop3)-login: (Disconnected|Login: user=|Aborted login|Login failed: Plaintext authentication disabled:)
29 29
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|lda)\([-_.[:alnum:]]+\): msgid=
30
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|lda)\([-_.[:alnum:]]+\): sieve: (user's script path .* doesn't exist|user has no valid personal script|using sieve path for user's script:|no scripts to execute:|opening script|executing compiled script|msgid=<[^ ]+>: stored mail into mailbox '[._[:alnum:]-]+'|msgid=)
30
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|lda|lmtp)\([-_.[:alnum:]]+\):( [-_./[:alnum:]+]+:)? sieve:( msgid=<[-_.+@=[:alnum:]]+>:)? (user's script path .* doesn't exist|user has no valid personal script|using sieve path for user's script:|no scripts to execute:|opening script|executing compiled script|stored mail into mailbox '[._[:alnum:]-]+')
31 31
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)\([-_.[:alnum:]]+\): (Disconnected|Connection closed|Logged out)
32 32
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: ssl-params: (Generating SSL parameters|SSL parameters regeneration completed)$
33 33
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: auth: .* (unknown user|invalid credentials|Password mismatch|Username character disallowed by auth_username_chars)
34 34
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: auth: Warning: auth client [0-9]+ disconnected with [0-9]+ pending requests: EOF$
35
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: lmtp\([^\)]+\): [[:alnum:]]+: .* stored mail into mailbox
36 35
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: lmtp\([0-9]+): (Connect|Disconnect) from local
37 36
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: .*(Received signal: wake up|ClamAV update process started|Downloading|Database updated)
38 37
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: .*[-_.[:alnum:]]+.cld (is up to date|updated)
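Review bot: the new line 30 ignores less for lmtp than the removed line 35 did. The old rule accepted any text inside `lmtp\(...\)` via `[^\)]+` and placed no constraint on the mailbox name, while the replacement allows only `[-_.[:alnum:]]+` for the user and `'[._[:alnum:]-]+'` for the mailbox. Deliveries logged with a user such as name@domain, or stored into a folder whose name contains `/` or a space, will now be reported. If that is not intended, widen both classes (add `@` to the user class, `/` and space to the mailbox class). Separately, the unchanged rule `lmtp\([0-9]+): (Connect|Disconnect) from local` has an unescaped `)` after `[0-9]+`; it should be `\)` like the neighbouring rules.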
......
224 223
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: reject: .* Data command rejected: Multi-recipient bounce;
225 224
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: Anonymous TLS connection established from
226 225
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from
227
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: improper command pipelining after (NOOP|HELO|EHLO|DATA|QUIT) from
226
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: improper command pipelining after (NOOP|HELO|EHLO|DATA|QUIT|AUTH) from
228 227
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection after EHLO from
229 228
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject(_warning)?:
230 229
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors after (DATA|RCPT)
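Review bot: `AUTH` on the new line 226 is not the same kind of noise as `NOOP|HELO|EHLO|DATA|QUIT`, because it concerns clients that are attempting authentication, and line 33 of this file already ignores dovecot `auth:` failures (`unknown user|invalid credentials|Password mismatch`). With both suppressed, logcheck reports nothing about misbehaving clients during login. Please confirm that another control (rate limiting or a ban tool reading the same log) consumes these events, and state the reason in the commit message, which currently says only "updated logcheck rules #4".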
......
238 237
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric hostname:
239 238
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: reply length [0-9]+ > buffer length [0-9]+ for name=[._[:alnum:]-]+ type=A$
240 239
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: empty hostname$
241
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: TLS library problem: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol:s23_srvr\.c:610:$
240
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: TLS library problem: (error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol:s23_srvr\.c:610:|error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:|error:1408F09C:SSL routines:ssl3_get_record:http request:../ssl/record/ssl3_record.c:242:)$
242 241
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [[:alnum:]]+: .* status=sent
243 242
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pppd\[[0-9]+\]:$
244 243
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pppd\[[0-9]+\]: CHAP authentication succeeded$
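Review bot: the two alternatives added on the new line 240 hardcode OpenSSL source paths and line numbers (`../ssl/record/ssl3_record.c:252:` and `:242:`), so the rule will stop matching as soon as a library update shifts those lines. Their dots are also unescaped, unlike `s23_srvr\.c` in the first alternative. Suggest matching the stable part only, for example `error:1408F10B:SSL routines:ssl3_get_record:wrong version number:[^ ]+:[0-9]+:`, and escaping any literal dots that remain. Since `http request` and `wrong version number` both indicate non-TLS or mismatched clients hitting the port, a short comment in the rules file saying why they are considered benign would help the next reader.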
......
327 326
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd(-logind)?: pam_unix\(systemd-user:session\): session (opened|closed) for user
328 327
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[[0-9]+\]: Failed to set (cpu.cfs_(period|quota)_us|memory.limit_in_bytes)
329 328
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[[0-9]+\]: [._[:alnum:]@-]+\.(service|scope|slice): Consumed [0-9.]+m?s CPU time$
329
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[[0-9]+\]: apt-daily.timer: Adding [0-9]+h [0-9]+min [0-9.]+s random time.$
330 330
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ transmission-daemon\[[0-9]+\]: \[[^]]+\] Couldn't connect socket
331 331
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udev\[[0-9]+\]: (creating|removing) device node '/dev/(vcs|vcsa)[0-9]+'$
332 332
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ vnstatd\[[0-9]+\]: Interface .* (enabled|disabled).$
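Review bot: the new line 329 is narrower than it looks. `[0-9]+h [0-9]+min [0-9.]+s` requires the hour and the minute field to both be present, so a message that carries only minutes and seconds will not match, and only `apt-daily.timer` is covered while any other timer with a randomized delay will still be reported. Suggest making the leading fields optional, `([0-9]+h )?([0-9]+min )?[0-9.]+s`, and reusing the unit-name class from the line above, `[._[:alnum:]@-]+\.timer`. The dots in `apt-daily.timer` and `time.$` should also be escaped.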
