authorHendrik Jäger <gitcommit@henk.geekmail.org>2022-08-05 21:27:47 +0200
committerHendrik Jäger <gitcommit@henk.geekmail.org>2022-08-05 21:27:47 +0200
commitc679cbf455db03d13c4c70069d764f71f503cb18 (patch)
treedcbcef84687845c97c827518cb5350026ff0f4b8
parente5901aa31a875bfd465f3347c1812894c6eb9ae1 (diff)
update rules
-rw-r--r--files/etc/logcheck/ignore.d.server/local-auditd4
-rw-r--r--files/etc/logcheck/ignore.d.server/local-kernel10
-rw-r--r--files/etc/logcheck/ignore.d.server/local-syncthing18
-rw-r--r--files/etc/logcheck/ignore.d.server/local-systemd27
-rw-r--r--files/etc/logcheck/ignore.d.server/local-udisksd3
5 files changed, 45 insertions, 17 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-auditd b/files/etc/logcheck/ignore.d.server/local-auditd
index 12cda75..ab576ac 100644
--- a/files/etc/logcheck/ignore.d.server/local-auditd
+++ b/files/etc/logcheck/ignore.d.server/local-auditd
@@ -13,8 +13,8 @@ type=USER_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:dig
type=USER_END msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:session_close grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]-]+")?$
type=USER_END msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:session_close grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]]+")?$
type=ANOM_PROMISCUOUS msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): dev=[[:alnum:].]+ prom=[[:digit:]]+ old_prom=[[:digit:]]+ auid=0 uid=0 gid=0 ses=[[:digit:]]+([^[:alpha:]]+AUID="[[:alnum:]]+" UID="root" GID="root")?$
-type=SERVICE_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='unit=[[:alnum:]-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'[^[:alpha:]]+UID="root" AUID="unset"$
-type=SERVICE_STOP msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='unit=[[:alnum:]-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'[^[:alpha:]]+UID="root" AUID="unset"$
+type=SERVICE_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='unit=[[:alnum:]@-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'[^[:alpha:]]+UID="root" AUID="unset"$
+type=SERVICE_STOP msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='unit=[[:alnum:]@-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'[^[:alpha:]]+UID="root" AUID="unset"$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: Audit daemon rotating log files$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: The audit daemon is exiting\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: No plugins found, not dispatching events$
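Review bot: The two widened SERVICE_START/SERVICE_STOP rules, like the other `type=` rules in this hunk, have no leading `^`, so they match as a substring and suppress any line that merely ends with this text, whichever program logged it. The auditd rules at the bottom of the hunk are anchored with `^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ `; giving the `type=` rules the same prefix, followed by the program tag these records carry on this host, would tie them to their real source. Separately, `unit=[[:alnum:]@-]+` ignores the successful start and stop of every unit, so it is worth confirming that stops of security-relevant services are meant to stay out of the report.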
diff --git a/files/etc/logcheck/ignore.d.server/local-kernel b/files/etc/logcheck/ignore.d.server/local-kernel
index 1c76c5e..8856af7 100644
--- a/files/etc/logcheck/ignore.d.server/local-kernel
+++ b/files/etc/logcheck/ignore.d.server/local-kernel
@@ -6,7 +6,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:].]+: disabling queued TRIM support$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:].]+: Enabling discard_zeroes_data$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:]]: SATA link down \(SStatus 0 SControl 300\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:]]: SATA link up [[:digit:].]+ Gbps \(SStatus 133 SControl 300\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:]]: SATA link up [[:digit:].]+ Gbps \(SStatus [[:digit:]]+ SControl 300\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:].]+: supports DRM functions and may not be fully accessible$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] CPU[[:digit:]] is up$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? device [[:alnum:].]+ (entered|left) promiscuous mode$
@@ -14,9 +14,10 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: <[[:digit:]]+>(\[ *[[:digit:]]+\.[[:digit:]]+\])? systemd-udevd\[[[:digit:]]+\]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: <[[:digit:]]+>(\[ *[[:digit:]]+\.[[:digit:]]+\])? systemd-udevd\[[[:digit:]]+\]: Using default interface naming scheme 'v240'\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] (Dis|En)abling non-boot CPUs \.\.\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] Filesystems sync: [[:digit:].]+ seconds$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] Freezing remaining freezable tasks \.\.\. \(elapsed [[:digit:].]+ seconds\) done\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] Freezing user space processes \.\.\. \(elapsed [[:digit:].]+ seconds\) done\.$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] IRQ [[:digit:]]+: no longer affine to CPU1$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] IRQ [[:digit:]]+: no longer affine to CPU[[:digit:]]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] kauditd_printk_skb: [[:digit:]]+ callbacks suppressed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] nfsd: last server has exited, flushing export cache$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] NFSD: starting 90-second grace period \(net [[:xdigit:]]+\)$
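Review bot: `CPU[[:digit:]]` in the new IRQ affinity rule accepts a single digit only, so on a host with ten or more CPUs these lines are still reported. `no longer affine to CPU[[:digit:]]+$` would cover that and would agree with the `smpboot: CPU [[:digit:]]+ is now offline` rule further down the same file.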
@@ -26,14 +27,17 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] perf: interrupt took too long ([[:digit:]]+ > [[:digit:]]+), lowering kernel.perf_event_max_sample_rate to [[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] PM: Restoring platform NVS memory$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] PM: Saving platform NVS memory$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] PM: suspend entry \(deep\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] PM: suspend exit$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] printk: Suspending console\(s\) \(use no_console_suspend to debug\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Process accounting resumed$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] r8169 [[:digit:]:]+ [[:alnum:]]+: Link is Down$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] r8169 [[:digit:]:.]+ [[:alnum:]]+: Link is Down$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] r8169 [[:digit:]:.]+ [[:alnum:]]+: Link is Up - 1Gbps/Full - flow control off$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Rekeying PTK for STA [[:xdigit:]:]+ but driver can't safely do that\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] Restarting tasks \.\.\. done\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] sd [[:digit:]:]+: \[sd[[:alpha:]]\] (Stopping|Starting) disk$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] sd [[:digit:]:]+: \[sd[[:alpha:]]\] Synchronizing SCSI cache$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] smpboot: Booting Node 0 Processor [[:digit:]] APIC 0x[[:digit:]]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] smpboot: CPU [[:digit:]]+ is now offline$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] UDF-fs: INFO Mounting volume '.*', timestamp 2009/06/25 23:11 \(1000\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] x86: Booting SMP configuration:$
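Review bot: The new UDF-fs rule hard-codes `timestamp 2009/06/25 23:11 \(1000\)`, so it matches what looks like one specific disc and every other volume is still reported. If that is intended, a comment naming the disc would help; otherwise a pattern such as `timestamp [[:digit:]/]+ [[:digit:]:]+ \([[:digit:]]+\)$` generalises it. The volume label is read from the inserted medium, so `'[^']*'` is a tighter match than `'.*'`. The unchanged `perf: interrupt took too long ([[:digit:]]+ > [[:digit:]]+)` rule at the top of the hunk has unescaped parentheses, the same class of mistake this commit fixes with `dynamic\+`, so it probably never matches.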
diff --git a/files/etc/logcheck/ignore.d.server/local-syncthing b/files/etc/logcheck/ignore.d.server/local-syncthing
index c7411fb..200f8f4 100644
--- a/files/etc/logcheck/ignore.d.server/local-syncthing
+++ b/files/etc/logcheck/ignore.d.server/local-syncthing
@@ -1,17 +1,18 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Access the GUI via the following URL: http://127.0.0.1:8384/$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Completed initial scan of sendreceive folder "[[:alnum:][:space:]]+" \([[:alnum:]-]+\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Connection to [[:alnum:]]+ at .* closed: Syncthing is being stopped$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Connection to [[:alnum:]-]+ at .* closed: Syncthing is being stopped$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Connection to .* closed: replacing connection
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Detected 1 NAT service$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Device [[:alnum:]]+ client is "syncthing [[:alnum:].-]+" named "[[:alnum:]]+" at .*$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Device [[:alnum:]]+ is "[[:alnum:]]+" at \[dynamic\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Device [[:alnum:]-]+ client is "syncthing [[:alnum:].-]+" named "[[:alnum:]]+" at .*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Device [[:alnum:]-]+ is "[[:alnum:]]+" at \[dynamic\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Disconnected from relay .*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Exiting$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Established secure connection to .*$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Failed to exchange Hello messages with [[:alnum:]]+ at .*: read tcp .*: i/o timeout$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: GUI and API listening on 127.0.0.1:8384$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Hashing performance is [[:digit:].]+ MB/s$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Joined relay relay://[[:digit:].]+:[[:digit:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: My ID: [[:alnum:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: My ID: [[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: My name is "[[:alnum:]]+"$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Overall send rate is unlimited, receive rate is unlimited$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: quic://0.0.0.0:22000 detected NAT type: Port restricted NAT$
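Review bot: The device-ID class is widened to `[[:alnum:]-]+` on the `Connection to`, `Device ... client is`, `Device ... is` and `My ID` rules, but the `Failed to exchange Hello messages with [[:alnum:]]+ at` rule in the same hunk keeps the old class. If that field carries the same hyphenated ID, the rule should read `with [[:alnum:]-]+ at`. The unchanged `Connection to .* closed: replacing connection` rule also has no trailing `$`, so it ignores anything that follows that text on the line.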
@@ -19,15 +20,16 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: QUIC listener \(\[::\]:22000\) shutting down$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: QUIC listener \(\[::\]:22000\) starting$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Ready to synchronize "[[:alnum:][:space:]]+" \([[:alnum:]-]+\) \(sendreceive\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Relay listener \(dynamic+https://relays.syncthing.net/endpoint\) shutting down$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Relay listener \(dynamic+https://relays.syncthing.net/endpoint\) starting$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Relay listener \(dynamic\+https://relays.syncthing.net/endpoint\) shutting down$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Relay listener \(dynamic\+https://relays.syncthing.net/endpoint\) starting$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Replacing old connection .*$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Single thread SHA256 performance is [[:digit:]]+ MB/s using minio/sha256-simd \([[:digit:]]+ MB/s using crypto/sha256\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Starting deadlock detector with 20m0s timeout$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: TCP listener \(\[::\]:22000\) starting$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Using discovery mechanism: global discovery server https[[:alnum:]_:/?&=-]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: TCP listener \(\[::\]:22000\) shutting down$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Using discovery mechanism: global discovery server https[[:alnum:]_.:/?&=-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Using discovery mechanism: IPv4 local broadcast discovery on port [[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Using discovery mechanism: IPv6 local multicast discovery on address \[[[:xdigit:]:]+\]:[[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: [[:digit:][:space:]/:]+ connection doesn't allow setting of receive buffer size. See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[monitor\] INFO: Signal 1 received; restarting$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[start\] INFO: syncthing v[[:alnum:].-]+ "[[:alnum:]]+" \(go[[:digit:].]+ linux-amd64\) debian@debian [[:digit:]:-]+ UTC$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[start\] INFO: syncthing v[[:alnum:].-]+ "[[:alnum:][:space:]]+" \(go[[:digit:].]+ linux-amd64\) debian@debian [[:digit:]:-]+ UTC$
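Review bot: With `.` added to the class, `global discovery server https[[:alnum:]_.:/?&=-]+$` now accepts any https URL, so a change of the configured discovery server would no longer appear in the report. If this host only ever uses one discovery server, pinning its host name in the rule keeps that change visible. The `[start]` rule still hard-codes `linux-amd64` and `debian@debian`, which is fine for a single host but will stop matching on another architecture or build.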
diff --git a/files/etc/logcheck/ignore.d.server/local-systemd b/files/etc/logcheck/ignore.d.server/local-systemd
index aab8734..1d5c3bd 100644
--- a/files/etc/logcheck/ignore.d.server/local-systemd
+++ b/files/etc/logcheck/ignore.d.server/local-systemd
@@ -1,6 +1,25 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting exim4-base housekeeping\.\.\.$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting Daily man-db regeneration\.\.\.$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished exim4-base housekeeping\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: [[:alnum:]-]+\.socket: Succeeded\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: anacron.service: Consumed [[:digit:]]\.[[:digit:]]*s CPU time\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed D-Bus User Message Bus Socket\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed Sound System\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Cleanup of Temporary Directories\.$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Autocommit of changes in /etc directory\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished exim4-base housekeeping\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Exit the Session\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Restart Syncthing after resume\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Suspend\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: media-[[:alnum:]]+-[[:alnum:]\-]+.mount: Succeeded\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Removed slice User Application Slice\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Removed slice User Slice of UID [[:digit:]]+\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: run-user-[[:digit:]]+.mount: Succeeded\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Started Syncthing - Open Source Continuous File Synchronization for [[:alnum:]]+\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting Daily man-db regeneration\.\.\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting exim4-base housekeeping\.\.\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Stopped D-Bus User Message Bus\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Stopped Syncthing - Open Source Continuous File Synchronization for [[:alnum:]]+\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Stopping D-Bus User Message Bus\.\.\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: syncthing@[[:alnum:]]+.service: Consumed [[:digit:].]s CPU time\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: syncthing@[[:alnum:]]+.service: Scheduled restart job, restart counter is at [[:digit:]]+\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: syncthing@[[:alnum:]]+.service: Succeeded\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: user@[[:digit:]]+.service: Succeeded\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: user-[[:digit:]]+.slice: Consumed [[:digit:].]+s CPU time\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: user-runtime-dir@[[:digit:]]+.service: Succeeded\.$
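Review bot: The new `syncthing@[[:alnum:]]+.service: Consumed [[:digit:].]s CPU time\.$` rule is missing the `+` after the bracket expression, so it matches only a one-character duration and a value such as `1.234s` is still reported. It should read `Consumed [[:digit:].]+s CPU time\.$`, as the `user-[[:digit:]]+.slice` rule below it does. Several added rules also leave the dot before `service`, `mount` and `slice` unescaped (`.service`, `.mount`, `.slice`); `\.` would keep them from matching an arbitrary character there.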
diff --git a/files/etc/logcheck/ignore.d.server/local-udisksd b/files/etc/logcheck/ignore.d.server/local-udisksd
new file mode 100644
index 0000000..a5ff148
--- /dev/null
+++ b/files/etc/logcheck/ignore.d.server/local-udisksd
@@ -0,0 +1,3 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ udisksd\[[[:digit:]]+\]: Cleaning up mount point /media/[[:alnum:]]/.* \(device [[:digit:]]+:0 is not mounted\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ udisksd\[[[:digit:]]+\]: Mounted /dev/sr0 at /media/[[:alnum:]]+/.* on behalf of uid [[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ udisksd\[[[:digit:]]+\]: Unmounted /dev/sr0 on behalf of uid [[:digit:]]+$
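Review bot: In the `Cleaning up mount point` rule, `/media/[[:alnum:]]/.*` has no `+` after the bracket expression, so it matches only a single-character directory name under `/media`. The `Mounted` rule on the next line uses `/media/[[:alnum:]]+/.*`, which is presumably what was meant here too. Both rules end the path in `.*`, which is text taken from the mounted medium; since the fixed tail follows it, the match stays bounded, but a class such as `[^ ]*` would be tighter if the labels never contain spaces.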