authorHendrik Jäger <hendrik@securosys.ch>2020-03-17 09:48:50 +0200
committerHendrik Jäger <hendrik@securosys.ch>2020-03-17 09:48:50 +0200
commit9f2769f78fe753a6fbd72e5c9156685a9702002d (patch)
tree5784abb8ca5f577b0c34a6514a619353d0baa008 /files
parente93a618b412eaf8121f6b084ce552d7e928dcb30 (diff)
Update logcheck rules
Diffstat (limited to 'files')
-rw-r--r--files/etc/logcheck/ignore.d.server/local-nsd7
-rw-r--r--files/etc/logcheck/ignore.d.server/local-spamd4
-rw-r--r--files/etc/logcheck/ignore.d.server/local-tor2
3 files changed, 10 insertions, 3 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-nsd b/files/etc/logcheck/ignore.d.server/local-nsd
index 2bd395c..0810908 100644
--- a/files/etc/logcheck/ignore.d.server/local-nsd
+++ b/files/etc/logcheck/ignore.d.server/local-nsd
@@ -3,14 +3,15 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: failed reading from [[:xdigit:].:]+ tcp: Connection reset by peer$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: Handle incoming notify for zone [[:alnum:].-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: memory recyclebin holds [[:digit:]] bytes$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: notify for [[:alnum:].]+ from [[:xdigit:].:]+ serial [[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: notify for [[:alnum:].-]+ from [[:xdigit:].:]+ serial [[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: Notify received and accepted, forward to xfrd$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: NSTATS [[:digit:]]+ [[:digit:]]+ (A=[[:digit:]]+ )?(NS=[[:digit:]]+ )?(CNAME=[[:digit:]]+ )?(SOA=[[:digit:]]+ )?(PTR=[[:digit:]]+ )?(MX=[[:digit:]]+ )?(TXT=[[:digit:]]+ )?(AAAA=[[:digit:]]+ )?(SRV=[[:digit:]]+ )?(NAPTR=[[:digit:]]+ )?(TYPE38=[[:digit:]]+ )?(NSEC=[[:digit:]]+ )?(DNSKEY=[[:digit:]]+ )?(SPF=[[:digit:]]+ )?(TYPE251=[[:digit:]]+ )?(TYPE252=[[:digit:]]+ )?TYPE255=[[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: packet too small, dropping tcp connection$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: signal received, reloading\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: writing zone [[:alnum:].-]+ to file [[:alnum:]/.-]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: xfrd: zone [[:alnum:].]+ committed "received update to serial [[:digit:]]+ at [[:digit:]T:-]+ from [[:xdigit:].:]+"$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: xfrd: zone [[:alnum:].-]+ committed "received update to serial [[:digit:]]+ at [[:digit:]T:-]+ from [[:xdigit:].:]+"$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: xfrd: zone [[:alnum:].-]+ written received XFR from [[:digit:].]+ with serial [[:digit:]]+ to disk$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: XSTATS [[:digit:]]+ [[:digit:]]+ RR=[[:digit:]]+ RNXD=[[:digit:]]+ RFwdR=[[:digit:]]+ RDupR=[[:digit:]]+ RFail=[[:digit:]]+ RFErr=[[:digit:]]+ RErr=[[:digit:]]+ RAXFR=[[:digit:]]+ RLame=[[:digit:]]+ ROpts=[[:digit:]]+ SSysQ=[[:digit:]]+ SAns=[[:digit:]]+ SFwdQ=[[:digit:]]+ SDupQ=[[:digit:]]+ SErr=[[:digit:]]+ RQ=[[:digit:]]+ RIQ=[[:digit:]]+ RFwdQ=[[:digit:]]+ RDupQ=[[:digit:]]+ RTCP=[[:digit:]]+ SFwdR=[[:digit:]]+ SFail=[[:digit:]]+ SFErr=[[:digit:]]+ SNaAns=[[:digit:]]+ SNXD=[[:digit:]]+ RUQ=[[:digit:]]+ RURQ=[[:digit:]]+ RUXFR=[[:digit:]]+ RUUpd=[[:digit:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: zone [[:alnum:].]+\. received update to serial [[:digit:]]+ at [[:digit:]T:-]+ from [[:xdigit:].:]+ of [[:digit:]]+ bytes in [[:digit:]e.-]+ seconds$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: zone [[:alnum:].-]+\. received update to serial [[:digit:]]+ at [[:digit:]T:-]+ from [[:xdigit:].:]+ of [[:digit:]]+ bytes in [[:digit:]e.-]+ seconds$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: [Zz]one [[:alnum:].-]+ serial [[:digit:]]+ is updated to [[:digit:]]+\.$
+
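Review bot: The widened rules on L27, L34 and L38 still wildcard the peer address with `from [[:xdigit:].:]+`, so a NOTIFY or zone update that nsd attributes to an unexpected address is silenced exactly like one from the intended primary. nsd only acts on NOTIFY/XFR from the peers allowed in its zone configuration, so the exposure is limited, but pinning the literal escaped address of the configured primary in these three rules (instead of the xdigit class) would make a change of peer show up in the logcheck report rather than disappear into the ignore list. The zone-name classes were widened to `[[:alnum:].-]+` here, which still excludes `_`; if any served zone contains an underscore label (for example an `_acme-challenge` delegation), those lines will not match, which fails safe but is worth knowing.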
diff --git a/files/etc/logcheck/ignore.d.server/local-spamd b/files/etc/logcheck/ignore.d.server/local-spamd
index 4d02853..3c379c1 100644
--- a/files/etc/logcheck/ignore.d.server/local-spamd
+++ b/files/etc/logcheck/ignore.d.server/local-spamd
@@ -3,3 +3,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[[:digit:]]+\]: pyzor: \[[[:digit:]]+\] error: TERMINATED, signal 15 \(000f\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: util: setuid: ruid=[[:digit:]]+ euid=[[:digit:]]+ rgid=[[:digit:]]+ 8 45 108 egid=[[:digit:]]+ 8 45 108$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: dns: new_dns_packet: domain is utf8 flagged: [[:alnum:].-]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: prefork: adjust: [0-2] idle children less than 1 minimum idle children\. Increasing spamd children: [[:digit:]]+ started\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: prefork: adjust: [3-5] idle children more than 2 minimum idle children\. Decreasing spamd children: [[:digit:]]+ killed\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: handled cleanup of child pid \[[[:digit:]]+\] due to SIGCHLD: interrupted, signal 2 \(0002\)$
+
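Review bot: The trailing empty line added at L52 is hazardous in a grep pattern file: an empty pattern matches every input line, which would turn this ignore file into a catch-all that suppresses every spamd message. logcheck's rule loader is understood to strip blank and comment lines before the patterns are applied, so it is probably benign as deployed, but removing the line (and the identical one added to the nsd file in this commit) avoids depending on that behaviour if the files are ever reused with a plain `grep -E -f`. The new prefork rules hard-code `1 minimum` and `2 minimum`; if the spamd spare-children settings change, the rules simply stop matching and the messages get reported, which is the safe direction, so that is acceptable.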
diff --git a/files/etc/logcheck/ignore.d.server/local-tor b/files/etc/logcheck/ignore.d.server/local-tor
new file mode 100644
index 0000000..ca7d157
--- /dev/null
+++ b/files/etc/logcheck/ignore.d.server/local-tor
@@ -0,0 +1,2 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Heartbeat: Tor's uptime is [[:digit:]]+ days [[:digit:]]+:[[:digit:]]+ hours, with [[:digit:]]+ circuits open. I've sent [[:digit:].]+ MB and received [[:digit:].]+ MB\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Average packaged cell fullness: [[:digit:].]%\. TLS write overhead: [[:digit:]]+%$
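Review bot: `[[:digit:].]%` on L60 matches exactly one character before the percent sign, so any real fullness value such as `78.43%` will not match and the rule never fires; it should read `Average packaged cell fullness: [[:digit:].]+%\. TLS write overhead: [[:digit:]]+%$`. On L59 the `.` after `circuits open` is unescaped while the final one is escaped; `open\.` keeps the rule exact. As far as I recall, Tor formats uptime as `N day` for exactly one day and omits the day part entirely below one day, and reports traffic in kB/GB as well as MB, so the literal `days` and `MB` would leave those heartbeat variants unmatched — that fails safe (they are reported), but if the intent is to silence all heartbeats the rule needs an optional day group, e.g. `(uptime is [[:digit:]]+ days? )?`, and `[kMG]B` in place of `MB`.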