From: Hendrik Jäger Date: Tue, 17 Mar 2020 07:48:50 +0000 (+0200) Subject: Update logcheck rules X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=9f2769f78fe753a6fbd72e5c9156685a9702002d;p=user%2Fhenk%2Fcode%2Fpuppet%2Fmodules%2Flogcheck.git Update logcheck rules --- diff --git a/files/etc/logcheck/ignore.d.server/local-nsd b/files/etc/logcheck/ignore.d.server/local-nsd index 2bd395c..0810908 100644 --- a/files/etc/logcheck/ignore.d.server/local-nsd +++ b/files/etc/logcheck/ignore.d.server/local-nsd @@ -3,14 +3,15 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: failed reading from [[:xdigit:].:]+ tcp: Connection reset by peer$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: Handle incoming notify for zone [[:alnum:].-]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: memory recyclebin holds [[:digit:]] bytes$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: notify for [[:alnum:].]+ from [[:xdigit:].:]+ serial [[:digit:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: notify for [[:alnum:].-]+ from [[:xdigit:].:]+ serial [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: Notify received and accepted, forward to xfrd$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: NSTATS [[:digit:]]+ [[:digit:]]+ (A=[[:digit:]]+ )?(NS=[[:digit:]]+ )?(CNAME=[[:digit:]]+ )?(SOA=[[:digit:]]+ )?(PTR=[[:digit:]]+ )?(MX=[[:digit:]]+ )?(TXT=[[:digit:]]+ )?(AAAA=[[:digit:]]+ )?(SRV=[[:digit:]]+ )?(NAPTR=[[:digit:]]+ )?(TYPE38=[[:digit:]]+ )?(NSEC=[[:digit:]]+ )?(DNSKEY=[[:digit:]]+ )?(SPF=[[:digit:]]+ )?(TYPE251=[[:digit:]]+ )?(TYPE252=[[:digit:]]+ )?TYPE255=[[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: packet too small, dropping tcp connection$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: signal received, reloading\.\.\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: writing zone [[:alnum:].-]+ to file [[:alnum:]/.-]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: xfrd: zone [[:alnum:].]+ committed "received update to serial [[:digit:]]+ at [[:digit:]T:-]+ from [[:xdigit:].:]+"$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: xfrd: zone [[:alnum:].-]+ committed "received update to serial [[:digit:]]+ at [[:digit:]T:-]+ from [[:xdigit:].:]+"$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: xfrd: zone [[:alnum:].-]+ written received XFR from [[:digit:].]+ with serial [[:digit:]]+ to disk$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: XSTATS [[:digit:]]+ [[:digit:]]+ RR=[[:digit:]]+ RNXD=[[:digit:]]+ RFwdR=[[:digit:]]+ RDupR=[[:digit:]]+ RFail=[[:digit:]]+ RFErr=[[:digit:]]+ RErr=[[:digit:]]+ RAXFR=[[:digit:]]+ RLame=[[:digit:]]+ ROpts=[[:digit:]]+ SSysQ=[[:digit:]]+ SAns=[[:digit:]]+ SFwdQ=[[:digit:]]+ SDupQ=[[:digit:]]+ SErr=[[:digit:]]+ RQ=[[:digit:]]+ RIQ=[[:digit:]]+ RFwdQ=[[:digit:]]+ RDupQ=[[:digit:]]+ RTCP=[[:digit:]]+ SFwdR=[[:digit:]]+ SFail=[[:digit:]]+ SFErr=[[:digit:]]+ SNaAns=[[:digit:]]+ SNXD=[[:digit:]]+ RUQ=[[:digit:]]+ RURQ=[[:digit:]]+ RUXFR=[[:digit:]]+ RUUpd=[[:digit:]]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: zone [[:alnum:].]+\. received update to serial [[:digit:]]+ at [[:digit:]T:-]+ from [[:xdigit:].:]+ of [[:digit:]]+ bytes in [[:digit:]e.-]+ seconds$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: zone [[:alnum:].-]+\. received update to serial [[:digit:]]+ at [[:digit:]T:-]+ from [[:xdigit:].:]+ of [[:digit:]]+ bytes in [[:digit:]e.-]+ seconds$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nsd\[[[:digit:]]+\]: [Zz]one [[:alnum:].-]+ serial [[:digit:]]+ is updated to [[:digit:]]+\.$ + diff --git a/files/etc/logcheck/ignore.d.server/local-spamd b/files/etc/logcheck/ignore.d.server/local-spamd index 4d02853..3c379c1 100644 --- a/files/etc/logcheck/ignore.d.server/local-spamd +++ b/files/etc/logcheck/ignore.d.server/local-spamd @@ -3,3 +3,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[[:digit:]]+\]: pyzor: \[[[:digit:]]+\] error: TERMINATED, signal 15 \(000f\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: util: setuid: ruid=[[:digit:]]+ euid=[[:digit:]]+ rgid=[[:digit:]]+ 8 45 108 egid=[[:digit:]]+ 8 45 108$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: dns: new_dns_packet: domain is utf8 flagged: [[:alnum:].-]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: prefork: adjust: [0-2] idle children less than 1 minimum idle children\. Increasing spamd children: [[:digit:]]+ started\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: prefork: adjust: [3-5] idle children more than 2 minimum idle children\. Decreasing spamd children: [[:digit:]]+ killed\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: handled cleanup of child pid \[[[:digit:]]+\] due to SIGCHLD: interrupted, signal 2 \(0002\)$ + diff --git a/files/etc/logcheck/ignore.d.server/local-tor b/files/etc/logcheck/ignore.d.server/local-tor new file mode 100644 index 0000000..ca7d157 --- /dev/null +++ b/files/etc/logcheck/ignore.d.server/local-tor @@ -0,0 +1,2 @@ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Heartbeat: Tor's uptime is [[:digit:]]+ days [[:digit:]]+:[[:digit:]]+ hours, with [[:digit:]]+ circuits open. I've sent [[:digit:].]+ MB and received [[:digit:].]+ MB\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Average packaged cell fullness: [[:digit:].]%\. TLS write overhead: [[:digit:]]+%$