authorHendrik Jäger <hendrik@securosys.ch>2020-04-25 18:07:15 +0300
committerHendrik Jäger <hendrik@securosys.ch>2020-04-25 18:07:15 +0300
commit19eabfec1c57e7f4018666afcea9d268ffb9e1e9 (patch)
tree7b52c3ff6fc740a131d72fb7ae2ec5112e96d7ca /files/etc
parentb19afccd1ccb9196b60fef11fdd496c86381041f (diff)
Update logcheck rules
Diffstat (limited to 'files/etc')
-rw-r--r--files/etc/logcheck/ignore.d.server/local-nsd2
-rw-r--r--files/etc/logcheck/ignore.d.server/local-ssh2
2 files changed, 2 insertions, 2 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-nsd b/files/etc/logcheck/ignore.d.server/local-nsd
index 0f49638..d78f9b1 100644
--- a/files/etc/logcheck/ignore.d.server/local-nsd
+++ b/files/etc/logcheck/ignore.d.server/local-nsd
@@ -4,7 +4,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: Handle incoming notify for zone [[:alnum:].-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: memory recyclebin holds [[:digit:]] bytes$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: notify for [[:alnum:].-]+ from [[:xdigit:].:]+ serial [[:digit:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: notify for [[:alnum:].-]+ from [[:xdigit:].:]+ refused, no acl matches$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: notify for [[:alnum:].-]+ from [[:xdigit:].:]+ refused, no acl matches.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: Notify received and accepted, forward to xfrd$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: NSTATS [[:digit:]]+ [[:digit:]]+ (A=[[:digit:]]+ )?(NS=[[:digit:]]+ )?(CNAME=[[:digit:]]+ )?(SOA=[[:digit:]]+ )?(PTR=[[:digit:]]+ )?(MX=[[:digit:]]+ )?(TXT=[[:digit:]]+ )?(AAAA=[[:digit:]]+ )?(SRV=[[:digit:]]+ )?(NAPTR=[[:digit:]]+ )?(TYPE38=[[:digit:]]+ )?(NSEC=[[:digit:]]+ )?(DNSKEY=[[:digit:]]+ )?(SPF=[[:digit:]]+ )?(TYPE251=[[:digit:]]+ )?(TYPE252=[[:digit:]]+ )?TYPE255=[[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: packet too small, dropping tcp connection$
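Review bot: The `.` added before `$` in the `refused, no acl matches` rule is unescaped, so it matches any single character rather than a literal full stop; write it as `refused, no acl matches\.$`. Ignore rules remove lines from the logcheck report, so each pattern should be exactly as wide as the message it is meant to silence. The new rule also stops matching the old wording without the trailing period, so any host whose nsd still logs the old form would see these lines reported again; `matches\.?$` would cover both if that matters for this fleet.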
diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh
index 184365d..c199a60 100644
--- a/files/etc/logcheck/ignore.d.server/local-ssh
+++ b/files/etc/logcheck/ignore.d.server/local-ssh
@@ -84,7 +84,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [:.[:xdigit:]]+ port [[:digit:]]+: Broken pipe \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [:.[:xdigit:]]+ port [[:digit:]]+: incomplete message \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [:.[:xdigit:]]+ port [[:digit:]]+: message authentication code incorrect \[preauth\]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from authenticating user [[:alnum:][:space:][:digit:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+: message authentication code incorrect \[preauth\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from (authenticating|invalid) user [[:alnum:][:space:][:digit:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+: message authentication code incorrect \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [:.[:xdigit:]]+ port [[:digit:]]+: bignum is negative \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: packet_write_wait: Connection from [:.[:xdigit:]]+ port [[:digit:]]+: Broken pipe \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: packet_write_wait: Connection from authenticating user [[:alnum:][:space:][:digit:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+: Broken pipe \[preauth\]$
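Review bot: The `(authenticating|invalid)` alternation is applied only to the `message authentication code incorrect` rule, while the `packet_write_wait: Connection from authenticating user ... Broken pipe` rule two lines below keeps the single form. If sshd also logs an `invalid user` variant of that message, it will presumably keep appearing in reports, so decide whether the same alternation is wanted there. In the changed line the user field is client-supplied and matched by `[[:alnum:][:space:][:digit:][:punct:]]*`, where `[:digit:]` is redundant with `[:alnum:]`. The rule stays tight only because it is anchored at both ends around a fixed message, so keep those anchors intact when editing it. The file continues outside this hunk, so other `authenticating user` rules may need the same review.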