Update logcheck rules for nftables

author: Hendrik Jaeger <root@netwichtig.de> 2019-08-04 22:41:57 +0200
committer: Hendrik Jaeger <root@netwichtig.de> 2019-08-04 22:41:57 +0200
commit: 943b7655f51d1843d9a8c641d4c0c74c4d74b64d (patch)
tree: c7c7fa99beb4fd61b029c0ea50df20717c1939b3 /files
parent: 06d453739b634978f46a6376e5ac7527ddc0dc16 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-nftables b/files/etc/logcheck/ignore.d.server/local-nftables
index 5793c0d..8c9b26c 100644
--- a/files/etc/logcheck/ignore.d.server/local-nftables
+++ b/files/etc/logcheck/ignore.d.server/local-nftables
@@ -1 +1,2 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Bruteforce attack: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x00 (CWR ECE )?(SYN|ACK|RST) (PSH )?(FIN )??URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Illegal incoming traffic: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x00 (CWR ECE )?(SYN|ACK|RST) (PSH )?(FIN )??URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
author	Hendrik Jaeger <root@netwichtig.de>	2019-08-04 22:41:57 +0200
committer	Hendrik Jaeger <root@netwichtig.de>	2019-08-04 22:41:57 +0200
commit	943b7655f51d1843d9a8c641d4c0c74c4d74b64d (patch)
tree	c7c7fa99beb4fd61b029c0ea50df20717c1939b3 /files
parent	06d453739b634978f46a6376e5ac7527ddc0dc16 (diff)