authorHendrik Jäger <gitcommit@henk.geekmail.org>2023-12-28 10:21:13 +0100
committerHendrik Jäger <gitcommit@henk.geekmail.org>2023-12-28 10:21:13 +0100
commitaaecb200c3a73d044650e55145277c8155460545 (patch)
tree64bcf96133b597254e2ba14b78a18ec60cc7ce6a
parenteebd1ebdf441241d315c84e5d45f55f8b526dcd3 (diff)
update rules
-rw-r--r--files/etc/logcheck/ignore.d.server/local-knot7
-rw-r--r--files/etc/logcheck/ignore.d.server/local-ssh1
2 files changed, 8 insertions, 0 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-knot b/files/etc/logcheck/ignore.d.server/local-knot
index e0b171b..c95e079 100644
--- a/files/etc/logcheck/ignore.d.server/local-knot
+++ b/files/etc/logcheck/ignore.d.server/local-knot
@@ -4,6 +4,12 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] AXFR, outgoing, remote [[:xdigit:].:@]+, started, serial [[:digit:]]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DDNS, finished, serial [[:digit:]]+ -> [[:digit:]]+, 0.[[:digit:]]+ seconds$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DDNS, processing [[:digit:]]+ updates$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, key, tag [[:digit:][:space:]]+, algorithm ECDSAP256SHA256, KSK, public, ready, active+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, key, tag [[:digit:][:space:]]+, algorithm ECDSAP256SHA256, public, active$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, next signing at [[:digit:]T:+-]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, signing started$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, signing zone$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, successfully signed$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] IXFR, incoming, remote [[:xdigit:].:]+@53, finished, 0.[[:digit:]]+ seconds, [[:digit:]]+ messages, [[:digit:]]+ bytes$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] IXFR, incoming, remote [[:xdigit:].:]+@53, receiving AXFR-style IXFR$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] IXFR, incoming, remote [[:xdigit:].:]+@53, started$
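Review bot: The added "DNSSEC, next signing at" rule can never match a real timestamp, because its bracket expression is closed and then followed by a stray `]`, so the pattern demands one character followed by literal `]` characters; it should end `next signing at [[:digit:]T:+-]+$`. The first added rule ends in `active+$`, which as an extended regular expression means "activ" followed by one or more "e"; if knot prints a literal plus sign there, as the pattern suggests, it has to be written `active\+$`. Both mistakes fail safe, since the affected lines keep being reported rather than hidden, but the commit does not silence those two messages as intended. Testing each new rule against a captured log line with `grep -E` before committing would catch this kind of slip.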
@@ -40,4 +46,5 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: stopping server$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: updating persistent timer DB$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: using UDP reuseport, incoming TCP Fast Open$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: notice: \[[[:alnum:].-]+\] DNSSEC, KSK submission, waiting for confirmation$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: notice: TCP, terminated inactive client, address [[:xdigit:].:@]+$
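Review bot: The added rule suppresses a `notice`-level message, "DNSSEC, KSK submission, waiting for confirmation", which describes a pending state that may need operator action rather than routine progress. Unless the submission is confirmed automatically on this host (not visible from this diff), ignoring the line means a key rollover that stalls at this step is no longer surfaced by logcheck. Consider leaving this message reported, or documenting the assumption with a comment above the rule such as `# KSK submission is confirmed automatically here; this notice needs no manual follow-up`.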
diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh
index 6620b20..fbf026d 100644
--- a/files/etc/logcheck/ignore.d.server/local-ssh
+++ b/files/etc/logcheck/ignore.d.server/local-ssh
@@ -30,6 +30,7 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: Connection reset by peer$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: read: Connection reset by peer$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex protocol error: type [[:digit:]]+ seq [[:digit:]]+ \[preauth\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_protocol_error: type [[:digit:]]+ seq [[:digit:]]+ \[preauth\]$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for (invalid user [[:alnum:][:space:][:digit:]@\\!._-]*|root|sshd|mysql|ftp|nagios|postgres|redis) from [:.[:xdigit:]]+ port [[:digit:]]+ ssh2 \[preauth\]$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for( illegal user)? [^[:space:]]* from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: service\(sshd\) ignoring max retries; [[:digit:]] > [[:digit:]]$
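Review bot: The added `kex_protocol_error` rule duplicates the existing `kex protocol error` rule directly above it except for the separator characters, so the two can drift apart when one is edited later. A single rule using `error: kex[ _]protocol[ _]error: type [[:digit:]]+ seq [[:digit:]]+ \[preauth\]$` would cover both spellings. If both are kept on purpose, a short comment saying which sshd version emits which form would help the next maintainer decide when the old one can go.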