etc-config/logcheck/ignore.d.server/backbone


# dovecot
# Every rule in this file starts with the same syslog prefix:
#   "Mon DD HH:MM:SS host" == ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
# followed by the program name with an optional "[pid]".
#
# Suppresses SUCCESSFUL POP3/IMAP logins (user, method, remote ip "rip", local
# ip "lip"; the address classes accept both IPv4 and IPv6). The trailing ".*$"
# also drops whatever follows "lip=" on the line.
# NOTE(review): hiding successful logins means a login from an unexpected
# source address is never surfaced by logcheck; drop this rule if login
# reporting is wanted here rather than in a separate pipeline.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+.*$
# Normal session end ("Disconnected: Logged out") and a connection closed
# mid-session ("Connection closed in ...") for either protocol.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)\([^)]*\): Disconnected: Logged out.*$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)\([^)]*\): Connection closed in.*$
# cron
# Catch-all: every message from CROND/crond/run-crons is dropped, whatever
# it says.
# NOTE(review): this also hides the lines cron logs for each job it runs, so a
# newly added or modified cron entry (a common persistence technique) will not
# show up in logcheck reports. Consider narrowing this to the known-benign
# message forms if cron execution should remain visible.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (CROND|crond|run-crons)(\[[0-9]+\])?: .*$
# syn-flood
# Drops kernel log lines whose log prefix is "IPTables SYN-FLOOD:" (presumably
# set by an iptables LOG rule on the SYN rate limit -- confirm against the
# firewall config). Everything after the prefix is discarded, so neither the
# source address nor the volume of SYN-flood hits reaches the logcheck report.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: IPTables SYN-FLOOD: .*$
# pure-ftpd
# "[^[]*" skips everything up to the first "[" (the "(user@host)" part that
# precedes the level tag), so all [INFO] and all [NOTICE] messages are
# suppressed regardless of content. [INFO] presumably covers logins and
# transfers -- verify which events land at that level before relying on
# logcheck for FTP session visibility.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ pure-ftpd(\[[0-9]+\])?: [^[]*\[INFO\].*$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ pure-ftpd(\[[0-9]+\])?: [^[]*\[NOTICE\].*$
# Drops every FAILED FTP authentication.
# NOTE(review): with this rule in place an FTP brute-force attempt is invisible
# to logcheck. Keep it only if another tool (e.g. the sshguard seen below, if
# it is configured to watch pure-ftpd) is responsible for reacting to these.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ pure-ftpd(\[[0-9]+\])?: \([^)]+\) \[WARNING\] Authentication failed for user .*$
# sshd
# The blanket sshd catch-all is intentionally left commented out: it would
# also hide "Accepted ..." logins and "Failed password ..." attempts.
#^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd(\[[0-9]+\])?: .*$
# Pre-auth scanner / brute-force noise: invalid users, protocol mismatches,
# disconnects before or during authentication, "maximum authentication
# attempts exceeded". Note that "Accepted" and "Failed password" are NOT in
# this list, so successful logins and password failures still get reported.
# NOTE(review): several alternatives are prefixes ("Connection closed by",
# "Disconnected from", "Received disconnect from") and presumably also match
# the end of legitimate, authenticated sessions -- acceptable for noise
# reduction, but confirm if session-end auditing is expected from logcheck.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd(\[[0-9]+\])?: (Connection closed by invalid|Invalid user|Did not receive identification|Connection closed by|Received disconnect from|Disconnecting authenticating user|error: maximum authentication|Disconnected from|Disconnecting invalid user|Unable to negotiate with|Bad protocol version identification|error: Received disconnect from).*$
# Peer reset the TCP connection.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd(\[[0-9]+\])?: Connection reset by .*$
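# sshguard
# Drops the repeated "<addr> has already been blocked" notices for hosts
# sshguard is already blocking. The initial block decision for an address is
# not matched by this rule and therefore still appears in the report.
# The address class accepts IPv4 and IPv6 (same class as the dovecot rip/lip
# rules above); the old "[0-9.]+" only matched IPv4, so every repeat notice
# for an IPv6 attacker leaked into the report.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshguard(\[[0-9]+\])?: [.:[:xdigit:]]+ has already been blocked$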
# nscd
# Catch-all for the name service cache daemon: every nscd message is dropped,
# including any error it might log -- presumably accepted as pure noise here.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nscd(\[[0-9]+\])?: .*$
# dovecot
# Second batch of dovecot session-end noise. Unlike the "(pop3|imap)" rules
# earlier in this file these match IMAP only: the pop3 and pop3-login
# equivalents, if dovecot logs them the same way, are not suppressed.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: imap\([^)]+\): (Logged out|Connection closed|Disconnected for inactivity).*$
# "Aborted login" / "Disconnected" from imap-login: connections that ended
# before or without a completed login (the "Login:" success line is handled
# by the first dovecot rule above).
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: imap-login: (Aborted login|Disconnected).*$
# Auth-client disconnect warning from the auth process.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: auth: Warning: auth client [0-9]+ disconnected.*$
# postfix
# Program part matches "postfix", "postfix/smtp", "postfix/smtpd",
# "postfix/master" (and "postfix/masterd", which is harmless); other postfix
# daemons (qmgr, cleanup, pickup, ...) are NOT covered by this rule.
# Suppressed: client disconnects, "client=" connection lines with an
# uppercase-hex queue id, and the backwards-compatible-default notice.
# NOTE(review): the bare "warning:" alternative makes the two more specific
# "warning: ..." alternatives redundant and hides EVERY postfix warning --
# presumably including SASL/auth failure warnings, if smtpd logs them with
# that prefix. Narrow it if SMTP auth abuse should surface in reports.
# NOTE(review): "[0-9ABCDEF]+:" only matches short (hex) queue ids; confirm
# long queue ids are not enabled on this host, or those lines will leak.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(\/smtp|\/master)?d?(\[[0-9]+\])?: (disconnect from|warning: hostname [^ ]+ does not resolve to address|improper command pipelining|[0-9ABCDEF]+: client=|warning:|using backwards-compatible default setting).*$
# auth
# pam_unix failures for the PAM service "smtp" (unknown user or wrong
# password), logged under the program name "auth" -- which component emits
# these is not evident from this file; verify against the SASL setup.
# NOTE(review): this silences SMTP AUTH brute-force attempts entirely; keep it
# only if something else (a blocker or a separate report) watches these.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth(\[[0-9]+\])?: pam_unix\(smtp:auth\): (check pass; user unknown|authentication failure).*$
# ntpd
# Catch-all: every ntpd message is dropped.
# NOTE(review): this includes any clock step/reset or peer-change messages
# ntpd may log; since log timestamps depend on the clock, consider keeping
# such lines visible for forensic integrity.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ntpd(\[[0-9]+\])?: .*$
# syslog-ng
# Catch-all: every message syslog-ng logs about itself is dropped.
# NOTE(review): this also hides errors from the logging daemon itself (for
# example a failing remote destination or dropped messages, if syslog-ng logs
# those), i.e. exactly the conditions under which log delivery has silently
# broken. Narrowing this to startup/reload notices would be safer.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syslog-ng(\[[0-9]+\])?: .*$