authorHendrik Jäger <gitcommit@henk.geekmail.org>2023-10-30 13:45:37 +0100
committerHendrik Jäger <gitcommit@henk.geekmail.org>2023-10-30 13:45:37 +0100
commit041f4e21f3c4ea1a3e6dadbb49c56e64f7b7a837 (patch)
tree0df006e5c9cba863566a0a2c34a8432351a47c34
parenta7ed652928ac50e64a6225cac1e7ec95559737f2 (diff)
update rules
-rw-r--r--files/etc/logcheck/ignore.d.server/local-dovecot2
-rw-r--r--files/etc/logcheck/ignore.d.server/local-knot33
-rw-r--r--files/etc/logcheck/ignore.d.server/local-tor1
3 files changed, 35 insertions, 1 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot
index b75ac06..992632a 100644
--- a/files/etc/logcheck/ignore.d.server/local-dovecot
+++ b/files/etc/logcheck/ignore.d.server/local-dovecot
@@ -16,7 +16,7 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected:( Disconnected:)?( [[:lower:]_]+=[[:digit:]]+)*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected for inactivity in IDLE( [[:lower:]_]+=[[:digit:]]+)*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected for inactivity( [[:lower:]_]+=[[:digit:]]+)*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Inactivity - no input for 1800 secs( [[:lower:]_]+=[[:digit:]]+)*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Inactivity - no input for [[:digit:]]+ secs( [[:lower:]_]+=[[:digit:]]+)*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Logged out in IDLE( [[:lower:]_]+=[[:digit:]]+)*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Logged out( [[:lower:]_]+=[[:digit:]]+)*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Too many invalid IMAP commands\. in IDLE( [[:lower:]_]+=[[:digit:]]+)*$
diff --git a/files/etc/logcheck/ignore.d.server/local-knot b/files/etc/logcheck/ignore.d.server/local-knot
new file mode 100644
index 0000000..bc89efc
--- /dev/null
+++ b/files/etc/logcheck/ignore.d.server/local-knot
@@ -0,0 +1,33 @@
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-+\] AXFR, outgoing, remote [[:xdigit:].:@]+, finished, 0.[[:digit:]]+ seconds, [[:digit:]]+ messages, [[:digit:]]+ bytes$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-+\] AXFR, outgoing, remote [[:xdigit:].:@]+, started, serial [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] DDNS, finished, serial [[:digit:]]+ -> [[:digit:]]+, 0.[[:digit:]]+ seconds$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] DDNS, processing [[:digit:]]+ updates$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] IXFR, outgoing, remote [[:xdigit:].:@]+, finished, 0.[[:digit:]]+ seconds, [[:digit:]]+ messages, [[:digit:]]+ bytes$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] IXFR, outgoing, remote [[:xdigit:].:@]+, started, serial [[:digit:]]+ -> [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] loaded, serial none -> [[:digit:]]+, [[:digit:]]+ bytes$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] loaded, serial none -> [[:digit:]]+, [[:digit:]]+ bytes, expires in [[:digit:]]+ seconds$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] notify, outgoing, remote [[:xdigit:].:]+@53, serial [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] refresh, remote [[:xdigit:].:]+@53, remote serial [[:digit:]]+, zone is up-to-date, expires in [[:digit:]]+ seconds$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone file parsed, serial [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone file updated, serial [[:digit:]]+ -> [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone will be loaded$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info binding to interface [[:xdigit:].:]+@53$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changed directory to /$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changing GID to [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changing UID to [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info configuration reloaded$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, binding to '/run/knot/knot.sock'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'reload'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'status'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'stop'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info Knot DNS [[:digit:].]+ starting$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info loaded configuration file '/etc/knot/knot.conf', mapsize 500 MiB$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info loading [[:digit:]]+ zones$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info process not allowed to set capabilities, skipping$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info reloading configuration file '/etc/knot/knot.conf'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info server started as a daemon, PID [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info shutting down$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info starting server$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info stopping server$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info updating persistent timer DB$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info using UDP reuseport, incoming TCP Fast Open$
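Review bot: The zone-name bracket in the two AXFR rules at the top of this new file is written `\[[[:alnum:].-+\]`, missing the `]` that every other rule here has before the `+`; both should read `\[[[:alnum:].-]+\]`. As written, `.-+` sits inside the bracket expression as a descending range, which `grep -E` is likely to reject as an invalid range end. Because logcheck feeds the whole file to grep as one pattern list, a pattern that fails to compile may affect every rule in the file, so it is worth running the file through `grep -E -f` against a sample knot log before deploying. Separately, the duration fields use an unescaped `0.` (should be `0\.`), and `mapsize 500 MiB` is pinned to one literal value in the same way the dovecot hunk's `1800` was before this commit. The `control, received command 'stop'` rule also removes daemon shutdowns from the report, which deserves a conscious decision.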
diff --git a/files/etc/logcheck/ignore.d.server/local-tor b/files/etc/logcheck/ignore.d.server/local-tor
index e4708fe..e39da89 100644
--- a/files/etc/logcheck/ignore.d.server/local-tor
+++ b/files/etc/logcheck/ignore.d.server/local-tor
@@ -11,3 +11,4 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Tor has been idle for [[:digit:]]+ seconds; assuming established circuits no longer work\.$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: We compiled with OpenSSL 101010ef: OpenSSL 1\.1\.1n 15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n\. These two versions should be binary compatible\.$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: While (not )?bootstrapping, fetched this many bytes: [[:digit:]]+ \((consensus network-status fetch|authority cert fetch|microdescriptor fetch)\)(; [[:digit:]]+ \((consensus network-status fetch|authority cert fetch|microdescriptor fetch)\))*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: No circuits are opened\. Relaxed timeout for circuit [[:digit:]]+ \(a Measuring circuit timeout 4-hop circuit in state doing handshakes with channel state open\) to 60000ms\. However, it appears the circuit has timed out anyway\.( \[[[:digit:]] similar message\(s\) suppressed in last [[:digit:]]+ seconds\])?$
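Review bot: The optional suffix at the end of the added rule matches the suppressed-message count with `[[:digit:]]`, a single digit, so a line reporting 10 or more suppressed messages will not match and will still be reported. The suffix should be `( \[[[:digit:]]+ similar message\(s\) suppressed in last [[:digit:]]+ seconds\])?`. The rule also pins `4-hop` and `60000ms` as literals; if Tor varies those values, which this page does not show, the same kind of miss would occur.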