update rules

diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot
index b75ac062b4dbf0ecee82ce7dc09a69132889556f..992632ad90bad6489545e030817b65891f458b1d 100644 (file)
--- a/files/etc/logcheck/ignore.d.server/local-dovecot
+++ b/files/etc/logcheck/ignore.d.server/local-dovecot
@@ -16,7 +16,7 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected:( Disconnected:)?( [[:lower:]_]+=[[:digit:]]+)*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected for inactivity in IDLE( [[:lower:]_]+=[[:digit:]]+)*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected for inactivity( [[:lower:]_]+=[[:digit:]]+)*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Inactivity - no input for 1800 secs( [[:lower:]_]+=[[:digit:]]+)*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Inactivity - no input for [[:digit:]]+ secs( [[:lower:]_]+=[[:digit:]]+)*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Logged out in IDLE( [[:lower:]_]+=[[:digit:]]+)*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Logged out( [[:lower:]_]+=[[:digit:]]+)*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)(<[[:digit:]]+><[[:alnum:]+/]+>)?: Disconnected: Too many invalid IMAP commands\. in IDLE( [[:lower:]_]+=[[:digit:]]+)*$

diff --git a/files/etc/logcheck/ignore.d.server/local-knot b/files/etc/logcheck/ignore.d.server/local-knot
new file mode 100644 (file)
index 0000000..bc89efc
--- /dev/null
+++ b/files/etc/logcheck/ignore.d.server/local-knot
@@ -0,0 +1,33 @@
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-+\] AXFR, outgoing, remote [[:xdigit:].:@]+, finished, 0.[[:digit:]]+ seconds, [[:digit:]]+ messages, [[:digit:]]+ bytes$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-+\] AXFR, outgoing, remote [[:xdigit:].:@]+, started, serial [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] DDNS, finished, serial [[:digit:]]+ -> [[:digit:]]+, 0.[[:digit:]]+ seconds$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] DDNS, processing [[:digit:]]+ updates$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] IXFR, outgoing, remote [[:xdigit:].:@]+, finished, 0.[[:digit:]]+ seconds, [[:digit:]]+ messages, [[:digit:]]+ bytes$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] IXFR, outgoing, remote [[:xdigit:].:@]+, started, serial [[:digit:]]+ -> [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] loaded, serial none -> [[:digit:]]+, [[:digit:]]+ bytes$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] loaded, serial none -> [[:digit:]]+, [[:digit:]]+ bytes, expires in [[:digit:]]+ seconds$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] notify, outgoing, remote [[:xdigit:].:]+@53, serial [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] refresh, remote [[:xdigit:].:]+@53, remote serial [[:digit:]]+, zone is up-to-date, expires in [[:digit:]]+ seconds$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone file parsed, serial [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone file updated, serial [[:digit:]]+ -> [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info \[[[:alnum:].-]+\] zone will be loaded$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info binding to interface [[:xdigit:].:]+@53$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changed directory to /$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changing GID to [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info changing UID to [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info configuration reloaded$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, binding to '/run/knot/knot.sock'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'reload'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'status'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info control, received command 'stop'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info Knot DNS [[:digit:].]+ starting$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info loaded configuration file '/etc/knot/knot.conf', mapsize 500 MiB$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info loading [[:digit:]]+ zones$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info process not allowed to set capabilities, skipping$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info reloading configuration file '/etc/knot/knot.conf'$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info server started as a daemon, PID [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info shutting down$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info starting server$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info stopping server$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info updating persistent timer DB$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ knot\[[[:digit:]]+\]: info using UDP reuseport, incoming TCP Fast Open$

diff --git a/files/etc/logcheck/ignore.d.server/local-tor b/files/etc/logcheck/ignore.d.server/local-tor
index e4708fe64623eeac1337830da2a4a87a8d3091f6..e39da8983456145c1a3824b11c6a64806c7c87a7 100644 (file)
--- a/files/etc/logcheck/ignore.d.server/local-tor
+++ b/files/etc/logcheck/ignore.d.server/local-tor
@@ -11,3 +11,4 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: Tor has been idle for [[:digit:]]+ seconds; assuming established circuits no longer work\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: We compiled with OpenSSL 101010ef: OpenSSL 1\.1\.1n  15 Mar 2022 and we are running with OpenSSL 101010ef: 1.1.1n\. These two versions should be binary compatible\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: While (not )?bootstrapping, fetched this many bytes: [[:digit:]]+ \((consensus network-status fetch|authority cert fetch|microdescriptor fetch)\)(; [[:digit:]]+ \((consensus network-status fetch|authority cert fetch|microdescriptor fetch)\))*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ Tor\[[[:digit:]]+\]: No circuits are opened\. Relaxed timeout for circuit [[:digit:]]+ \(a Measuring circuit timeout 4-hop circuit in state doing handshakes with channel state open\) to 60000ms\. However, it appears the circuit has timed out anyway\.( \[[[:digit:]] similar message\(s\) suppressed in last [[:digit:]]+ seconds\])?$