]> git.netwichtig.de Git - user/henk/code/puppet/modules/logcheck.git/blobdiff - files/etc/logcheck/ignore.d.server/local-iptables
projects / user / henk / code / puppet / modules / logcheck.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
update for high precision rsyslog timestamps
[user/henk/code/puppet/modules/logcheck.git] / files / etc / logcheck / ignore.d.server / local-iptables
diff --git a/files/etc/logcheck/ignore.d.server/local-iptables b/files/etc/logcheck/ignore.d.server/local-iptables
index 4f5603244d5a53c135046137411650fe6aa60f0b..52c95f21a44f075cfddc9e510d08ba654f58b535 100644 (file)
--- a/files/etc/logcheck/ignore.d.server/local-iptables
+++ b/files/etc/logcheck/ignore.d.server/local-iptables
@@ -1,2 +1,2 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] unknown INPUT traffic: IN=[[:alnum:]]+ OUT= MAC=[[:xdigit:]:.]+ SRC=[[:xdigit:]:.]+ DST=[[:xdigit:]:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP|132|41|155|253)( SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:xdigit:]]+ (CWR )?(ECE )?(PSH )?(SYN |ACK |RST )+(PSH )?URGP=[[:digit:]]+|LEN=[[:digit:]]+))?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] [[:alnum:]]+ bruteforce attempt: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x00 (CWR ECE )?(SYN|ACK|RST) (PSH )?(FIN )??URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] unknown INPUT traffic: IN=[[:alnum:]]+ OUT= MAC=[[:xdigit:]:.]+ SRC=[[:xdigit:]:.]+ DST=[[:xdigit:]:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP|132|41|155|253)( SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:xdigit:]]+ (CWR )?(ECE )?(PSH )?(SYN |ACK |RST )+(PSH )?URGP=[[:digit:]]+|LEN=[[:digit:]]+))?$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] [[:alnum:]]+ bruteforce attempt: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x00 (CWR ECE )?(SYN|ACK|RST) (PSH )?(FIN )??URGP=[[:digit:]]+|LEN=[[:digit:]]+)$