From 041f4e21f3c4ea1a3e6dadbb49c56e64f7b7a837 Mon Sep 17 00:00:00 2001 From: Hendrik Jäger Date: Mon, 30 Oct 2023 13:45:37 +0100 Subject: update rules --- files/etc/logcheck/ignore.d.server/local-dovecot | 2 +- files/etc/logcheck/ignore.d.server/local-knot | 33 ++++++++++++++++++++++++ files/etc/logcheck/ignore.d.server/local-tor | 1 + 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 files/etc/logcheck/ignore.d.server/local-knot diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot index b75ac06..992632a 100644 --- a/files/etc/logcheck/ignore.d.server/local-dovecot +++ b/files/etc/logcheck/ignore.d.server/local-dovecot @@ -16,7 +16,7 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected:( Disconnected:)?( [[:lower:]_]+=[[:digit:]]+)*$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected for inactivity in IDLE( [[:lower:]_]+=[[:digit:]]+)*$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected for inactivity( [[:lower:]_]+=[[:digit:]]+)*$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Inactivity - no input for 1800 secs( [[:lower:]_]+=[[:digit:]]+)*$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Inactivity - no input for [[:digit:]]+ secs( [[:lower:]_]+=[[:digit:]]+)*$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Logged out in IDLE( [[:lower:]_]+=[[:digit:]]+)*$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Logged out( [[:lower:]_]+=[[:digit:]]+)*$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Too many invalid IMAP commands\. in IDLE( [[:lower:]_]+=[[:digit:]]+)*$ diff --git a/files/etc/logcheck/ignore.d.server/local-knot b/files/etc/logcheck/ignore.d.server/local-knot new file mode 100644 index 0000000..bc89efc --- /dev/null +++ b/files/etc/logcheck/ignore.d.server/local-knot @@ -0,0 +1,33 @@ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-+\] AXFR, outgoing, remote [[:xdigit:].:@]+, finished, 0.[[:digit:]]+ seconds, [[:digit:]]+ messages, [[:digit:]]+ bytes$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-+\] AXFR, outgoing, remote [[:xdigit:].:@]+, started, serial [[:digit:]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] DDNS, finished, serial [[:digit:]]+ -> [[:digit:]]+, 0.[[:digit:]]+ seconds$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] DDNS, processing [[:digit:]]+ updates$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] IXFR, outgoing, remote [[:xdigit:].:@]+, finished, 0.[[:digit:]]+ seconds, [[:digit:]]+ messages, [[:digit:]]+ bytes$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] IXFR, outgoing, remote [[:xdigit:].:@]+, started, serial [[:digit:]]+ -> [[:digit:]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] loaded, serial none -> [[:digit:]]+, [[:digit:]]+ bytes$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] loaded, serial none -> [[:digit:]]+, [[:digit:]]+ bytes, expires in [[:digit:]]+ seconds$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] notify, outgoing, remote [[:xdigit:].:]+@53, serial [[:digit:]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] refresh, remote [[:xdigit:].:]+@53, remote serial [[:digit:]]+, zone is up-to-date, expires in [[:digit:]]+ seconds$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone file parsed, serial [[:digit:]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone file updated, serial [[:digit:]]+ -> [[:digit:]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone will be loaded$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info binding to interface [[:xdigit:].:]+@53$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changed directory to /$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changing GID to [[:digit:]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changing UID to [[:digit:]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info configuration reloaded$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, binding to '/run/knot/knot.sock'$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'reload'$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'status'$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'stop'$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info Knot DNS [[:digit:].]+ starting$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info loaded configuration file '/etc/knot/knot.conf', mapsize 500 MiB$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info loading [[:digit:]]+ zones$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info process not allowed to set capabilities, skipping$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info reloading configuration file '/etc/knot/knot.conf'$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info server started as a daemon, PID [[:digit:]]+$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info shutting down$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info starting server$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info stopping server$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info updating persistent timer DB$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info using UDP reuseport, incoming TCP Fast Open$ diff --git a/files/etc/logcheck/ignore.d.server/local-tor b/files/etc/logcheck/ignore.d.server/local-tor index e4708fe..e39da89 100644 --- a/files/etc/logcheck/ignore.d.server/local-tor +++ b/files/etc/logcheck/ignore.d.server/local-tor @@ -11,3 +11,4 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Tor has been idle for [[:digit:]]+ seconds; assuming established circuits no longer work\.$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: We compiled with OpenSSL 101010ef: OpenSSL 1\.1\.1n 15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n\. These two versions should be binary compatible\.$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: While (not )?bootstrapping, fetched this many bytes: [[:digit:]]+ \((consensus network-status fetch|authority cert fetch|microdescriptor fetch)\)(; [[:digit:]]+ \((consensus network-status fetch|authority cert fetch|microdescriptor fetch)\))*$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: No circuits are opened\. Relaxed timeout for circuit [[:digit:]]+ \(a Measuring circuit timeout 4-hop circuit in state doing handshakes with channel state open\) to 60000ms\. However, it appears the circuit has timed out anyway\.( \[[[:digit:]] similar message\(s\) suppressed in last [[:digit:]]+ seconds\])?$ -- cgit v1.2.3