author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2022-08-05 21:27:47 +0200 |
---|---|---|
committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2022-08-05 21:27:47 +0200 |
commit | c679cbf455db03d13c4c70069d764f71f503cb18 (patch) | |
tree | dcbcef84687845c97c827518cb5350026ff0f4b8 | |
parent | e5901aa31a875bfd465f3347c1812894c6eb9ae1 (diff) |
update rules
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-auditd | 4 | ||||
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-kernel | 10 | ||||
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-syncthing | 18 | ||||
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-systemd | 27 | ||||
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-udisksd | 3 |
5 files changed, 45 insertions, 17 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-auditd b/files/etc/logcheck/ignore.d.server/local-auditd index 12cda75..ab576ac 100644 --- a/files/etc/logcheck/ignore.d.server/local-auditd +++ b/files/etc/logcheck/ignore.d.server/local-auditd 
@@ -13,8 +13,8 @@ type=USER_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:dig type=USER_END msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:session_close grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]-]+")?$ type=USER_END msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:session_close grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]]+")?$ type=ANOM_PROMISCUOUS msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): dev=[[:alnum:].]+ prom=[[:digit:]]+ old_prom=[[:digit:]]+ auid=0 uid=0 gid=0 ses=[[:digit:]]+([^[:alpha:]]+AUID="[[:alnum:]]+" UID="root" GID="root")?$ -type=SERVICE_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='unit=[[:alnum:]-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'[^[:alpha:]]+UID="root" AUID="unset"$ -type=SERVICE_STOP msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='unit=[[:alnum:]-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'[^[:alpha:]]+UID="root" AUID="unset"$ +type=SERVICE_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='unit=[[:alnum:]@-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? 
res=success'[^[:alpha:]]+UID="root" AUID="unset"$ +type=SERVICE_STOP msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='unit=[[:alnum:]@-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'[^[:alpha:]]+UID="root" AUID="unset"$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: Audit daemon rotating log files$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: The audit daemon is exiting\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: No plugins found, not dispatching events$ diff --git a/files/etc/logcheck/ignore.d.server/local-kernel b/files/etc/logcheck/ignore.d.server/local-kernel index 1c76c5e..8856af7 100644 --- a/files/etc/logcheck/ignore.d.server/local-kernel +++ b/files/etc/logcheck/ignore.d.server/local-kernel 
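Review bot: The rewritten `SERVICE_START` and `SERVICE_STOP` rules filter a successful start or stop of any unit whose name fits `[[:alnum:]@-]+`, so a unit nobody expected on this host is dropped from the logcheck report along with the routine ones. Adding `@` extends that to every template instance. If the set of units that legitimately cycles here is small, an alternation of those names in place of the open class would keep an unfamiliar unit visible. Both rules also begin at `type=` with no `^`, unlike the syslog-prefixed `auditd[...]` rules later in this hunk, so the match may start anywhere in the line.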
@@ -6,7 +6,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:].]+: disabling queued TRIM support$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:].]+: Enabling discard_zeroes_data$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:]]: SATA link down \(SStatus 0 SControl 300\)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:]]: SATA link up [[:digit:].]+ Gbps \(SStatus 133 SControl 300\)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:]]: SATA link up [[:digit:].]+ Gbps \(SStatus [[:digit:]]+ SControl 300\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] ata[[:digit:].]+: supports DRM functions and may not be fully accessible$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] CPU[[:digit:]] is up$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? device [[:alnum:].]+ (entered|left) promiscuous mode$ 
@@ -14,9 +14,10 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: <[[:digit:]]+>(\[ *[[:digit:]]+\.[[:digit:]]+\])? systemd-udevd\[[[:digit:]]+\]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: <[[:digit:]]+>(\[ *[[:digit:]]+\.[[:digit:]]+\])? systemd-udevd\[[[:digit:]]+\]: Using default interface naming scheme 'v240'\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] (Dis|En)abling non-boot CPUs \.\.\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] Filesystems sync: [[:digit:].]+ seconds$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] Freezing remaining freezable tasks \.\.\. \(elapsed [[:digit:].]+ seconds\) done\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] Freezing user space processes \.\.\. \(elapsed [[:digit:].]+ seconds\) done\.$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] IRQ [[:digit:]]+: no longer affine to CPU1$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] IRQ [[:digit:]]+: no longer affine to CPU[[:digit:]]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] kauditd_printk_skb: [[:digit:]]+ callbacks suppressed$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] nfsd: last server has exited, flushing export cache$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] NFSD: starting 90-second grace period \(net [[:xdigit:]]+\)$ 
@@ -26,14 +27,17 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] perf: interrupt took too long ([[:digit:]]+ > [[:digit:]]+), lowering kernel.perf_event_max_sample_rate to [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] PM: Restoring platform NVS memory$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] PM: Saving platform NVS memory$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] PM: suspend entry \(deep\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] PM: suspend exit$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] printk: Suspending console\(s\) \(use no_console_suspend to debug\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Process accounting resumed$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] r8169 [[:digit:]:]+ [[:alnum:]]+: Link is Down$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] r8169 [[:digit:]:.]+ [[:alnum:]]+: Link is Down$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] r8169 [[:digit:]:.]+ [[:alnum:]]+: Link is Up - 1Gbps/Full - flow control off$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Rekeying PTK for STA [[:xdigit:]:]+ but driver can't safely do that\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] Restarting tasks \.\.\. 
done\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] sd [[:digit:]:]+: \[sd[[:alpha:]]\] (Stopping|Starting) disk$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] sd [[:digit:]:]+: \[sd[[:alpha:]]\] Synchronizing SCSI cache$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] smpboot: Booting Node 0 Processor [[:digit:]] APIC 0x[[:digit:]]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] smpboot: CPU [[:digit:]]+ is now offline$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] UDF-fs: INFO Mounting volume '.*', timestamp 2009/06/25 23:11 \(1000\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[ *[[:digit:]]+\.[[:digit:]]+\] x86: Booting SMP configuration:$ diff --git a/files/etc/logcheck/ignore.d.server/local-syncthing b/files/etc/logcheck/ignore.d.server/local-syncthing index c7411fb..200f8f4 100644 --- a/files/etc/logcheck/ignore.d.server/local-syncthing +++ b/files/etc/logcheck/ignore.d.server/local-syncthing 
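Review bot: The new `UDF-fs: INFO Mounting volume` rule hard-codes `timestamp 2009/06/25 23:11 \(1000\)`, so it matches the volume timestamp of one particular disc while the label in front of it is left open as `'.*'`. If the rule is meant for any UDF volume, the tail needs classes instead of literals, for example `timestamp [[:digit:]/]+ [[:digit:]:]+ \([[:xdigit:]]+\)`. If it is meant for that single medium, a comment line above it naming the disc would record that. The label is read from the medium itself, so `'[^']*'` describes it more tightly than `'.*'`.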
@@ -1,17 +1,18 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Access the GUI via the following URL: http://127.0.0.1:8384/$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Completed initial scan of sendreceive folder "[[:alnum:][:space:]]+" \([[:alnum:]-]+\)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Connection to [[:alnum:]]+ at .* closed: Syncthing is being stopped$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Connection to [[:alnum:]-]+ at .* closed: Syncthing is being stopped$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Connection to .* closed: replacing connection ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Detected 1 NAT service$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Device [[:alnum:]]+ client is "syncthing [[:alnum:].-]+" named "[[:alnum:]]+" at .*$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Device [[:alnum:]]+ is "[[:alnum:]]+" at \[dynamic\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Device [[:alnum:]-]+ client is "syncthing [[:alnum:].-]+" named "[[:alnum:]]+" at .*$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Device [[:alnum:]-]+ is "[[:alnum:]]+" at \[dynamic\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Disconnected from relay .*$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Exiting$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Established secure connection to .*$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: 
\[[[:alnum:]]+\] INFO: Failed to exchange Hello messages with [[:alnum:]]+ at .*: read tcp .*: i/o timeout$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: GUI and API listening on 127.0.0.1:8384$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Hashing performance is [[:digit:].]+ MB/s$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Joined relay relay://[[:digit:].]+:[[:digit:]]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: My ID: [[:alnum:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: My ID: [[:alnum:]-]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: My name is "[[:alnum:]]+"$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Overall send rate is unlimited, receive rate is unlimited$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: quic://0.0.0.0:22000 detected NAT type: Port restricted NAT$ 
@@ -19,15 +20,16 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: QUIC listener \(\[::\]:22000\) shutting down$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: QUIC listener \(\[::\]:22000\) starting$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Ready to synchronize "[[:alnum:][:space:]]+" \([[:alnum:]-]+\) \(sendreceive\)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Relay listener \(dynamic+https://relays.syncthing.net/endpoint\) shutting down$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Relay listener \(dynamic+https://relays.syncthing.net/endpoint\) starting$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Relay listener \(dynamic\+https://relays.syncthing.net/endpoint\) shutting down$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Relay listener \(dynamic\+https://relays.syncthing.net/endpoint\) starting$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Replacing old connection .*$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Single thread SHA256 performance is [[:digit:]]+ MB/s using minio/sha256-simd \([[:digit:]]+ MB/s using crypto/sha256\)\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Starting deadlock detector with 20m0s timeout$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: TCP listener \(\[::\]:22000\) starting$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Using discovery mechanism: global discovery server https[[:alnum:]_:/?&=-]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] 
INFO: TCP listener \(\[::\]:22000\) shutting down$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Using discovery mechanism: global discovery server https[[:alnum:]_.:/?&=-]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Using discovery mechanism: IPv4 local broadcast discovery on port [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[[[:alnum:]]+\] INFO: Using discovery mechanism: IPv6 local multicast discovery on address \[[[:xdigit:]:]+\]:[[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: [[:digit:][:space:]/:]+ connection doesn't allow setting of receive buffer size. See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[monitor\] INFO: Signal 1 received; restarting$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[start\] INFO: syncthing v[[:alnum:].-]+ "[[:alnum:]]+" \(go[[:digit:].]+ linux-amd64\) debian@debian [[:digit:]:-]+ UTC$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syncthing\[[[:digit:]]+\]: \[start\] INFO: syncthing v[[:alnum:].-]+ "[[:alnum:][:space:]]+" \(go[[:digit:].]+ linux-amd64\) debian@debian [[:digit:]:-]+ UTC$ diff --git a/files/etc/logcheck/ignore.d.server/local-systemd b/files/etc/logcheck/ignore.d.server/local-systemd index aab8734..1d5c3bd 100644 --- a/files/etc/logcheck/ignore.d.server/local-systemd +++ b/files/etc/logcheck/ignore.d.server/local-systemd 
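Review bot: The two `Relay listener` rules now escape the `+` in `dynamic\+https`, but the dots in `relays.syncthing.net` on the same lines are still unescaped and match any character; `relays\.syncthing\.net` would finish the fix. The widened discovery rule, `global discovery server https[[:alnum:]_.:/?&=-]+$`, accepts any URL, so a discovery server other than the expected one would be filtered out of the report as well. If this host only uses the default servers, spelling out the host name in the rule keeps a changed setting visible.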
@@ -1,6 +1,25 @@ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting exim4-base housekeeping\.\.\.$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting Daily man-db regeneration\.\.\.$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished exim4-base housekeeping\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: [[:alnum:]-]+\.socket: Succeeded\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: anacron.service: Consumed [[:digit:]]\.[[:digit:]]*s CPU time\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed D-Bus User Message Bus Socket\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed Sound System\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Cleanup of Temporary Directories\.$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Autocommit of changes in /etc directory\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished exim4-base housekeeping\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Exit the Session\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Restart Syncthing after resume\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Suspend\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: media-[[:alnum:]]+-[[:alnum:]\-]+.mount: Succeeded\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Removed slice User Application Slice\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Removed slice User Slice of UID [[:digit:]]+\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: run-user-[[:digit:]]+.mount: Succeeded\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Started Syncthing - Open Source Continuous File Synchronization for [[:alnum:]]+\.$ 
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting Daily man-db regeneration\.\.\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting exim4-base housekeeping\.\.\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Stopped D-Bus User Message Bus\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Stopped Syncthing - Open Source Continuous File Synchronization for [[:alnum:]]+\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Stopping D-Bus User Message Bus\.\.\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: syncthing@[[:alnum:]]+.service: Consumed [[:digit:].]s CPU time\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: syncthing@[[:alnum:]]+.service: Scheduled restart job, restart counter is at [[:digit:]]+\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: syncthing@[[:alnum:]]+.service: Succeeded\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: user@[[:digit:]]+.service: Succeeded\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: user-[[:digit:]]+.slice: Consumed [[:digit:].]+s CPU time\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: user-runtime-dir@[[:digit:]]+.service: Succeeded\.$ diff --git a/files/etc/logcheck/ignore.d.server/local-udisksd b/files/etc/logcheck/ignore.d.server/local-udisksd new file mode 100644 index 0000000..a5ff148 --- /dev/null +++ b/files/etc/logcheck/ignore.d.server/local-udisksd @@ -0,0 +1,3 @@ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ udisksd\[[[:digit:]]+\]: Cleaning up mount point /media/[[:alnum:]]/.* \(device [[:digit:]]+:0 is not mounted\)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ udisksd\[[[:digit:]]+\]: Mounted /dev/sr0 at /media/[[:alnum:]]+/.* on behalf of uid [[:digit:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ udisksd\[[[:digit:]]+\]: Unmounted /dev/sr0 on behalf of uid [[:digit:]]+$ |
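Review bot: The added rule `syncthing@[[:alnum:]]+.service: Consumed [[:digit:].]s CPU time\.$` has no quantifier on the bracket expression, so it matches only a one-character duration and will presumably never fire on real values; the `user-[[:digit:]]+.slice` rule in the same hunk has the intended form, `[[:digit:].]+s`. Several new rules also leave the dot before the unit suffix unescaped (`.mount`, `.service`, `.slice`), which matches any character; `\.mount`, `\.service` and `\.slice` state the intent. Separately, the `Scheduled restart job, restart counter is at [[:digit:]]+` rule hides every automatic restart of the syncthing unit, so a crash loop would no longer appear in the report; it is worth confirming that this is wanted.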
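Review bot: In the new `local-udisksd` file the `Cleaning up mount point` rule writes the user directory as `/media/[[:alnum:]]/`, a single character, while the `Mounted` rule uses `/media/[[:alnum:]]+/`; the first is missing the `+` and will not match an ordinary user name. Both rules then accept `.*` for the rest of the mount path, which presumably comes from the label on the inserted medium. If labels on this host are predictable, a character class in place of `.*` would keep the ignored lines closer to what was actually observed.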