author | Hendrik Jäger <hendrik@securosys.ch> | 2018-11-19 11:14:12 +0100 |
---|---|---|
committer | Hendrik Jäger <hendrik@securosys.ch> | 2018-11-19 11:14:22 +0100 |
commit | 090bc1885fa92b2cc1e12263df5ce04f7b0c664f (patch) | |
tree | 466f42be918a533baae990cbaf2f72924c5332d6 /files | |
parent | 56fbcb7164ecbc1e73977a5848f8a8e28b99af86 (diff) |
Add wpasupplicant rules to server logcheck
Diffstat (limited to 'files')
-rw-r--r-- | files/etc/logcheck/ignore.d.server/local-wpasupplicant | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-wpasupplicant b/files/etc/logcheck/ignore.d.server/local-wpasupplicant
new file mode 100644
index 0000000..ea0c47e
--- /dev/null
+++ b/files/etc/logcheck/ignore.d.server/local-wpasupplicant
@@ -0,0 +1,23 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?(SME: )?Trying to (authenticate|associate) with ([0-9a-f]{2}:){5}[0-9a-f]{2} \(SSID='[.[:alnum:]-]+' freq=(24([1-6][27]|72|84)|5(2[046]|3[02]|5[068]|6[68]|70)0) MHz\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?Associated with ([0-9a-f]{2}:){5}[0-9a-f]{2}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?WPA: Group rekeying completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[GTK=(CCMP|TKIP)\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?WPA: Key negotiation completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[PTK=(CCMP|TKIP) GTK=(CCMP|TKIP)\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-CONNECTED - Connection to ([0-9a-f]{2}:){5}[0-9a-f]{2} completed (\((re)?auth\) )?\[id=[0-9]+ id_str=[_[:alnum:]]*\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-SUBNET-STATUS-UPDATE status=0$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-SCAN-(STARTED|RESULTS)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: EAP-MSCHAPV2: Authentication succeeded$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: WPS-AP-AVAILABLE$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (bssid=([0-9a-f]{2}:){5}[0-9a-f]{2}|ssid=[.[:alnum:]-]+|id=[0-9]+|id_str=[_[:alnum:]]*|freq=(24([1-6][27]|72|84)|5(2[046]|3[02]|5[068]|6[68]|70)0)|address=([0-9a-f]{2}:){5}[0-9a-f]{2}|uuid=[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (WPA_IFACE=(wlan[0-9]|wlp[0-9]s[0-9]) WPA_ACTION=CONNECTED|WPA_ID=[0-9]+ WPA_ID_STR=[_[:alnum:]]* WPA_CTRL_DIR=/var/run/wpa_supplicant)$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (pairwise_cipher=(TKIP|CCMP)|group_cipher=(TKIP|CCMP)|key_mgmt=WPA2?(-PSK|/IEEE 802.1X/EAP)|wpa_state=COMPLETED)$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: ifup (wlan[0-9]|wlp[0-9]s[0-9])=[_[:alnum:]]*$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (creating|removing) sendsigs omission pidfile: /(run|lib/init/rw)/sendsigs\.omit\.d/wpasupplicant\.wpa_supplicant\.(wlan[0-9]|wlp[0-9]s[0-9])\.pid$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (Supplicant PAE state=AUTHENTICATED|suppPortStatus=Authorized|EAP state=SUCCESS|selectedMethod=25 \(EAP-PEAP\)|EAP TLS cipher=DHE-RSA-AES256-SHA|EAP-PEAPv0 Phase2 method=MSCHAPV2)$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: ip_address=(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: WPA_IFACE=(wlan[0-9]|wlp[0-9]s[0-9]) WPA_ACTION=DISCONNECTED$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: mode=station$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: ifdown (wlan[0-9]|wlp[0-9]s[0-9])$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-DISCONNECTED bssid=([0-9a-f]{2}:){5}[0-9a-f]{2} reason=[0-9] locally_generated=1$ |
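Review bot: The `WPA: Group rekeying completed`, `WPA: Key negotiation completed` and `CTRL-EVENT-EAP-METHOD` rules, together with the `wpa_action: pairwise_cipher=`/`group_cipher=` rule, ignore TKIP and LEAP as well as CCMP and PEAP. A session that falls back to a deprecated cipher or legacy EAP method is therefore dropped from the logcheck report like any normal one. If these hosts are only expected to negotiate CCMP and PEAP, narrow the alternations, e.g. `\[PTK=CCMP GTK=CCMP\]`, `\[GTK=CCMP\]` and `method 25 \(PEAP\) selected`, so that anything weaker is reported. The BSSID and SSID are also matched generically, so association with an unexpected access point is filtered too; consider whether that is acceptable for an `ignore.d.server` rule set. As a point of style, the first eleven rules use `\w{3}` for the month while the rest use `[[:alpha:]]{3}`; the POSIX class throughout would be more consistent.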