diff options
author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2023-12-28 10:21:13 +0100 |
---|---|---|
committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2023-12-28 10:21:13 +0100 |
commit | aaecb200c3a73d044650e55145277c8155460545 (patch) | |
tree | 64bcf96133b597254e2ba14b78a18ec60cc7ce6a | |
parent | eebd1ebdf441241d315c84e5d45f55f8b526dcd3 (diff) |
update rules
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-knot | 7 | ||||
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-ssh | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-knot b/files/etc/logcheck/ignore.d.server/local-knot index e0b171b..c95e079 100644 --- a/files/etc/logcheck/ignore.d.server/local-knot +++ b/files/etc/logcheck/ignore.d.server/local-knot @@ -4,6 +4,12 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] AXFR, outgoing, remote [[:xdigit:].:@]+, started, serial [[:digit:]]+$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DDNS, finished, serial [[:digit:]]+ -> [[:digit:]]+, 0.[[:digit:]]+ seconds$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DDNS, processing [[:digit:]]+ updates$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, key, tag [[:digit:][:space:]]+, algorithm ECDSAP256SHA256, KSK, public, ready, active+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, key, tag [[:digit:][:space:]]+, algorithm ECDSAP256SHA256, public, active$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, next signing at [[:digit:]T:+-]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, signing started$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, signing zone$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] DNSSEC, successfully signed$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] IXFR, incoming, remote [[:xdigit:].:]+@53, finished, 0.[[:digit:]]+ seconds, [[:digit:]]+ messages, [[:digit:]]+ bytes$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] IXFR, incoming, remote [[:xdigit:].:]+@53, receiving AXFR-style IXFR$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: \[[[:alnum:].-]+\] IXFR, incoming, remote [[:xdigit:].:]+@53, started$ @@ -40,4 +46,5 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: stopping server$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: updating persistent timer DB$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info: using UDP reuseport, incoming TCP Fast Open$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: notice: \[[[:alnum:].-]+\] DNSSEC, KSK submission, waiting for confirmation$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: notice: TCP, terminated inactive client, address [[:xdigit:].:@]+$ diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index 6620b20..fbf026d 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -30,6 +30,7 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: Connection reset by peer$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: read: Connection reset by peer$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex protocol error: type [[:digit:]]+ seq [[:digit:]]+ \[preauth\]$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_protocol_error: type [[:digit:]]+ seq [[:digit:]]+ \[preauth\]$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for (invalid user [[:alnum:][:space:][:digit:]@\\!._-]*|root|sshd|mysql|ftp|nagios|postgres|redis) from [:.[:xdigit:]]+ port [[:digit:]]+ ssh2 \[preauth\]$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for( illegal user)? [^[:space:]]* from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: service\(sshd\) ignoring max retries; [[:digit:]] > [[:digit:]]$ |