diff options
| author | Hendrik Jaeger <git-commit@henk.geekmail.org> | 2018-12-29 16:07:45 +0100 |
|---|---|---|
| committer | Hendrik Jaeger <git-commit@henk.geekmail.org> | 2018-12-29 16:07:45 +0100 |
| commit | d9632c72f8e8fff95c6c90bce91e8c0e7489e2be (patch) | |
| tree | a535bffe3038eea8278cba1791649d8b0d2ac877 /files/etc | |
| parent | 62226c8449678658be350efbe188d3f6c55c3089 (diff) | |
Update logcheck files
Diffstat (limited to 'files/etc')
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-hostapd | 6 | ||||
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-pumpd | 2 | ||||
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-ssh | 2 |
3 files changed, 9 insertions, 1 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-hostapd b/files/etc/logcheck/ignore.d.server/local-hostapd index 9c9ee0c..3bd04ab 100644 --- a/files/etc/logcheck/ignore.d.server/local-hostapd +++ b/files/etc/logcheck/ignore.d.server/local-hostapd @@ -1,2 +1,8 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ hostapd: [[:alnum:]]+: STA [[:xdigit:]:]+ WPA: group key handshake completed \(RSN\)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ hostapd: [[:alnum:]]+: STA [[:xdigit:]:]+ IEEE 802.11: disassociated$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ hostapd: [[:alnum:]]+: STA [[:xdigit:]:]+ IEEE 802.11: deauthenticated due to inactivity \(timer DEAUTH/REMOVE\)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ hostapd: [[:alnum:]]+: STA [[:xdigit:]:]+ IEEE 802.11: authenticated$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ hostapd: [[:alnum:]]+: STA [[:xdigit:]:]+ IEEE 802.11: associated \(aid 1\)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ hostapd: [[:alnum:]]+: STA [[:xdigit:]:]+ RADIUS: starting accounting session [[:xdigit:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ hostapd: [[:alnum:]]+: STA [[:xdigit:]:]+ WPA: pairwise key handshake completed \(RSN\)$ diff --git a/files/etc/logcheck/ignore.d.server/local-pumpd b/files/etc/logcheck/ignore.d.server/local-pumpd new file mode 100644 index 0000000..eee1f40 --- /dev/null +++ b/files/etc/logcheck/ignore.d.server/local-pumpd @@ -0,0 +1,2 @@ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ pumpd\[[[:digit:]]+\]: renewed lease for interface [[:alnum:]]+$ + diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index bea1716..7fdf894 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -8,7 +8,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from ([:[:xdigit:].]+|UNKNOWN)+ port [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+ \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: bad client public DH value \[preauth\]$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Change of username or service not allowed: \([^,]*,ssh-connection\) -> \([^,]*,(ssh-connection\))? \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Change of username or service not allowed: \([^,]+,ssh-connection\) -\> \([^,]+,[^)]+ \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Packet corrupt \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for (invalid user|root) [[:alnum:]]+ from [[:digit:].]+ port [[:digit:]]+ ssh2 \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures \[preauth\]$ |