]> git.netwichtig.de Git - user/henk/code/puppet/modules/logcheck.git/blobdiff - files/etc/logcheck/ignore.d.server/local-ssh
projects / user / henk / code / puppet / modules / logcheck.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
update rules
[user/henk/code/puppet/modules/logcheck.git] / files / etc / logcheck / ignore.d.server / local-ssh
diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh
index a1d5bf14949f348f72a77d840523e6c364a89684..fbf026d72373c419661c87ef32b694c781662132 100644 (file)
--- a/files/etc/logcheck/ignore.d.server/local-ssh
+++ b/files/etc/logcheck/ignore.d.server/local-ssh
@@ -29,7 +29,8 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: Connection closed by remote host$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: Connection reset by peer$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: read: Connection reset by peer$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex protocol error: type [[:digit:]]+ seq [[:digit:]]+ \[preauth\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_protocol_error: type [[:digit:]]+ seq [[:digit:]]+ \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for (invalid user [[:alnum:][:space:][:digit:]@\\!._-]*|root|sshd|mysql|ftp|nagios|postgres|redis) from [:.[:xdigit:]]+ port [[:digit:]]+ ssh2 \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for( illegal user)? [^[:space:]]* from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: service\(sshd\) ignoring max retries; [[:digit:]] > [[:digit:]]$
@@ -85,6 +86,7 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: userauth_finish: (Connection reset by peer|Broken pipe) \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: (Connection reset by peer|Broken pipe) \[preauth\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Timeout before authentication for [[:xdigit:]:.]+ port [[:digit:]]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [[:alnum:][:space:].:+-]+\[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: invalid public DH value: <= 1 \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user [[:alnum:][:space:][:digit:][:punct:]]* from [:.[:xdigit:]]+ port [[:digit:]]+$