From: Hendrik Jäger
Date: Mon, 29 Apr 2024 09:51:36 +0000 (+0200)
Subject: update rules
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=68529fcbf3c27f8bbb102450e11eb4d413398ec2;p=user%2Fhenk%2Fcode%2Fpuppet%2Fmodules%2Flogcheck.git

update rules
---

diff --git a/files/etc/logcheck/ignore.d.server/local-tor b/files/etc/logcheck/ignore.d.server/local-tor
index 969b36b..4911d8f 100644
--- a/files/etc/logcheck/ignore.d.server/local-tor
+++ b/files/etc/logcheck/ignore.d.server/local-tor
@@ -1,15 +1,16 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Average packaged cell fullness: [[:digit:].]+%\. TLS write overhead: [[:digit:]]+%$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Bootstrapped 0% \(starting\): Starting$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]:( Heartbeat:)? Our onion service received( [[:digit:]]+ v2 and)? [[:digit:]]+ v3 INTRODUCE2 cells and attempted to launch [[:digit:]]+ rendezvous circuits\.$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Heartbeat: Tor's uptime is ([[:digit:]]+ day(s)? )?[[:digit:]]+:[[:digit:]]+ hours, with [[:digit:]]+ circuits open. I've sent [[:digit:].]+ [GMk]B and received [[:digit:].]+ [GMk]B\.( I've received [[:digit:]]+ connections on IPv4 and [[:digit:]]+ on IPv6. I've made [[:digit:]]+ connections with IPv4 and [[:digit:]]+ with IPv6\.)?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: http status 400 \("Nonauthoritative directory does not accept posted server descriptors"\) response from dirserver '[[:xdigit:]:.]+:[[:digit:]]+'\. Malformed rendezvous descriptor\?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Interrupt: exiting cleanly\.$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]:( Heartbeat:)? Our onion service received( [[:digit:]]+ v2 and)? [[:digit:]]+ v3 INTRODUCE2 cells and attempted to launch [[:digit:]]+ rendezvous circuits\.$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: No circuits are opened\. Relaxed timeout for circuit [[:digit:]]+ \(a Hidden service: Uploading HS descriptor 4-hop circuit in state doing handshakes with channel state open\) to [[:digit:]]+ms\. 
However, it appears the circuit has timed out anyway\.( \[[[:digit:]] similar message\(s\) suppressed in last [[:digit:]]+ seconds\])?$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: No circuits are opened\. Relaxed timeout for circuit [[:digit:]]+ \(a Measuring circuit timeout 4-hop circuit in state doing handshakes with channel state open\) to [[:digit:]]+ms\. However, it appears the circuit has timed out anyway\.( \[[[:digit:]] similar message\(s\) suppressed in last [[:digit:]]+ seconds\])?$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Parsing GEOIP IPv4 file /usr/share/tor/geoip\.$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6\.$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Possible compression bomb; abandoning stream\.$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Received http status code 404 \("Consensus is too old"\) from server '[[:xdigit:]:.]+:443' while fetching consensus directory\.$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Starting with guard context "default"$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Tor has been idle for [[:digit:]]+ seconds; assuming established circuits no longer work\.$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: We compiled with OpenSSL 101010ef: OpenSSL 1\.1\.1n 15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n\. 
These two versions should be binary compatible\.$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: While (not )?bootstrapping, fetched this many bytes: [[:digit:]]+ \((consensus network-status fetch|authority cert fetch|microdescriptor fetch)\)(; [[:digit:]]+ \((consensus network-status fetch|authority cert fetch|microdescriptor fetch)\))*$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: No circuits are opened\. Relaxed timeout for circuit [[:digit:]]+ \(a Measuring circuit timeout 4-hop circuit in state doing handshakes with channel state open\) to [[:digit:]]+ms\. However, it appears the circuit has timed out anyway\.( \[[[:digit:]] similar message\(s\) suppressed in last [[:digit:]]+ seconds\])?$ -^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: No circuits are opened\. Relaxed timeout for circuit [[:digit:]]+ \(a Hidden service: Uploading HS descriptor 4-hop circuit in state doing handshakes with channel state open\) to [[:digit:]]+ms\. However, it appears the circuit has timed out anyway\.( \[[[:digit:]] similar message\(s\) suppressed in last [[:digit:]]+ seconds\])?$
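
Review bot: the one rule here that is not just a re-sort, the added "Possible compression bomb; abandoning stream\." line, makes logcheck drop a Tor warning about suspicious input unconditionally, and the commit message ("update rules") gives no reason for that. Please state in the commit message why this message is expected noise on these hosts, or leave it reported so that a burst of these stays visible. Separately, both re-sorted "No circuits are opened" rules keep the suffix ( \[[[:digit:]] similar message\(s\) suppressed in last [[:digit:]]+ seconds\])? where the count is a single [[:digit:]] with no "+", so a line reporting 10 or more suppressed messages will not match and will still be mailed; since the lines are being touched anyway, change it to [[:digit:]]+. Minor, in the unchanged context: the Heartbeat rule has unescaped dots in "circuits open. I've sent" and "on IPv6. I've made", and the OpenSSL rule has "1.1.1n" unescaped in its second occurrence; these match any character and could be tightened with "\." in the same pass.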