authorHendrik Jaeger <git-commit@henk.geekmail.org>2019-01-11 13:21:46 +0100
committerHendrik Jaeger <git-commit@henk.geekmail.org>2019-01-11 13:21:46 +0100
commit46cd5d667d1e8adabfdc90be5637e026544b283b (patch)
tree3c7e928fa42ed09b57e7ae10d93cac026312bf26
parent481e3a0f0266b191ffba8b466d03263b42bd2c72 (diff)
Update logcheck rules for wpasupplicant to catch wired interfaces
-rw-r--r--files/etc/logcheck/ignore.d.server/local-wpasupplicant8
-rw-r--r--files/etc/logcheck/ignore.d.workstation/local-wpasupplicant6
2 files changed, 8 insertions, 6 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-wpasupplicant b/files/etc/logcheck/ignore.d.server/local-wpasupplicant
index 72ec854..55ffdb0 100644
--- a/files/etc/logcheck/ignore.d.server/local-wpasupplicant
+++ b/files/etc/logcheck/ignore.d.server/local-wpasupplicant
@@ -15,11 +15,11 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?Associated with ([0-9a-f]{2}:){5}[0-9a-f]{2}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-CONNECTED - Connection to ([0-9a-f]{2}:){5}[0-9a-f]{2} completed (\((re)?auth\) )?\[id=[0-9]+ id_str=[_[:alnum:]]*\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=[^']*' hash=[[:xdigit:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=[[:digit:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=[[:digit:]]+ -> NAK$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-SUBNET-STATUS-UPDATE status=0$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]|enp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=[^']*' hash=[[:xdigit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]|enp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]|enp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=[[:digit:]]+ -> NAK$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]|enp[0-9]s[0-9]): )?CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?(SME: )?Trying to (authenticate|associate) with ([0-9a-f]{2}:){5}[0-9a-f]{2} \(SSID='[.[:alnum:]-]+' freq=(24([1-6][27]|72|84)|5(2[046]|3[02]|5[068]|6[68]|70)0) MHz\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?WPA: Group rekeying completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[GTK=(CCMP|TKIP)\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?WPA: Key negotiation completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[PTK=(CCMP|TKIP) GTK=(CCMP|TKIP)\]$
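Review bot: The new `enp[0-9]s[0-9]` alternative on the four added EAP rules matches only a single-digit bus and slot, so wired names such as `enp0s25` or `enp0s31f6` still fall through and get reported; the same applies to the copies in the ignore.d.workstation hunk. If the aim is wired interfaces in general, `enp[0-9]+s[0-9]+(f[0-9]+)?` covers the predictable-name forms while keeping the rule tied to an interface prefix. The miss fails towards extra report noise rather than suppressed events, so this is a coverage point and not a detection gap. The other rules in the hunk (Associated, CTRL-EVENT-CONNECTED, Trying to ..., WPA: ...) keep the wireless-only prefix; that is presumably deliberate, and a `#` comment line in the file saying so would help the next editor.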
diff --git a/files/etc/logcheck/ignore.d.workstation/local-wpasupplicant b/files/etc/logcheck/ignore.d.workstation/local-wpasupplicant
index ac89ec0..1f4d9e5 100644
--- a/files/etc/logcheck/ignore.d.workstation/local-wpasupplicant
+++ b/files/etc/logcheck/ignore.d.workstation/local-wpasupplicant
@@ -16,9 +16,11 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?Associated with ([0-9a-f]{2}:){5}[0-9a-f]{2}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-CONNECTED - Connection to ([0-9a-f]{2}:){5}[0-9a-f]{2} completed (\((re)?auth\) )?\[id=[0-9]+ id_str=[_[:alnum:]]*\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=[[:digit:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=[[:digit:]]+ -> NAK$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-SUBNET-STATUS-UPDATE status=0$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]|enp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=[^']*' hash=[[:xdigit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]|enp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]|enp[0-9]s[0-9]): )?CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=[[:digit:]]+ -> NAK$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]|enp[0-9]s[0-9]): )?CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?(SME: )?Trying to (authenticate|associate) with ([0-9a-f]{2}:){5}[0-9a-f]{2} \(SSID='[.[:alnum:]-]+' freq=(24([1-6][27]|72|84)|5(2[046]|3[02]|5[068]|6[68]|70)0) MHz\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?WPA: Group rekeying completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[GTK=(CCMP|TKIP)\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?WPA: Key negotiation completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[PTK=(CCMP|TKIP) GTK=(CCMP|TKIP)\]$
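Review bot: The added CTRL-EVENT-EAP-PEER-CERT rule ignores the server-certificate event for any CN and any hash (`subject='/CN=[^']*' hash=[[:xdigit:]]+`), so a changed or unexpected authentication-server certificate would never appear in the logcheck report; the same rule is on the new side of the ignore.d.server hunk. As far as this hunk shows, that rule and the EAP-(STARTED|SUCCESS|METHOD) rule are new to this file and not merely extended with `enp...`, which the commit title does not mention. Consider pinning the subject to the expected server name, e.g. `subject='/CN=<expected-radius-cn>'` (placeholder), or leaving PEER-CERT unignored so certificate changes stay visible. The METHOD alternative also silences selection of method 17 (LEAP); dropping `17 \(LEAP|` would let use of that legacy method surface in reports.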