From 446119e95838a4ff0f19b92c65d68850c05a9c8c Mon Sep 17 00:00:00 2001 From: Fredrik Wahlberg Date: Sun, 5 Mar 2017 09:38:28 +0100 Subject: [PATCH] =?UTF-8?q?Fler=20nya=20relger=20fr=C3=A5n=20Marconi?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- logcheck_debian | 11 ++++++++++- logcheck_ubuntu | 26 ++++++++++++++++++++++++++ testlog | 10 ++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/logcheck_debian b/logcheck_debian index 44d3d45..05a91fd 100644 --- a/logcheck_debian +++ b/logcheck_debian @@ -227,6 +227,10 @@ #Mar 3 18:03:34 marconi named[27570]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: Transfer status: success ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: transfer of '[-.[:alnum:]]+/IN' from [#.[:digit:]]+: Transfer status: success +#Mar 4 15:06:28 marconi named[27570]: client 113.240.250.154#43169: message parsing failed: bad compression pointer +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: message parsing failed: bad compression pointer + + # # SASLAUTHD # @@ -319,6 +323,8 @@ #Oct 24 06:04:11 nada sm-mta[7813]: ruleset=tls_server, arg1=SOFTWARE, relay=mail.adlibris.com, reject=403 4.7.0 TLS handshake failed. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: ruleset=tls_server, arg1=SOFTWARE, relay=[.[:alnum:]]+, reject=403 4.7.0 TLS handshake failed. +#Mar 4 09:14:31 nada sm-mta[25219]: v248EUKL025219: AUTH decode64 error [-5 for "Y2FzdG9yQHdhaGxiZXJnLnNlAGNhc3RvckB3YWhsYmVyZy5zZQBwb2tlbW9uDQ==\r"], relay=[156.67.106.207] +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: AUTH decode64 error \[-5 for "Y2FzdG9yQHdhaGxiZXJnLnNlAGNhc3RvckB3YWhsYmVyZy5zZQBwb2tlbW9uDQ==\\r"\], relay=\[[.:[:digit:]]+\] # # SPAMD 
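Review bot: The added sm-mta rule hardcodes one specific base64 AUTH payload (`Y2Fz…DQ==`), so it only ever suppresses this single logged attempt and every other failed decode is still reported. That payload looks like a SASL PLAIN blob, which would decode to an account name and the attempted password, and this patch commits it three times: in the sample comment, in the rule, and in the testlog hunk. I would match the payload generically and redact the samples, keeping the current prefix and changing the tail to `AUTH decode64 error \[-5 for "[A-Za-z0-9+/=]+(\\r)?"\], relay=\[[.:[:digit:]]+\]$`.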
@@ -437,7 +443,8 @@ \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [[:alnum:]]+ #May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth] -\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [._[:alnum:]]+(\\\\r)? \[preauth\] +Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth] +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user ([._[:alnum:]]+(\\\\r| )?) \[preauth\] #Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy user=root #Oct 24 06:33:25 nada sshd[10577]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-68-161-233-215.ny325.east.verizon.net user=lp @@ -475,5 +482,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Started|Starting) Cleanup of Temporary Directories.{1,3} + + #Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem... ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ fredrik\[[[:digit:]]+\]: Kontrollrad. Syns detta har vi problem... diff --git a/logcheck_ubuntu b/logcheck_ubuntu index bf8b4d1..6c0bb94 100644 --- a/logcheck_ubuntu +++ b/logcheck_ubuntu 
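Review bot: The new sample line in the `@@ -437,7 +443,8 @@` hunk is added without the leading `#`, so logcheck will load it as a pattern instead of a comment; it should read `#Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth]`. The rewritten rule also still requires at least one character from `[._[:alnum:]]+`, so a line with an empty user name would not match. The sample appears to be such a line, though whitespace is collapsed on this page. Making the whole user group optional covers that case: `invalid user ([._[:alnum:]]+(\\\\r)?)? \[preauth\]$`. The rule also has no leading `^`, unlike the named and sm-mta rules added earlier in this patch.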
@@ -124,6 +124,30 @@ + +# +# Specialregler för Marconi +# +#Mar 4 16:21:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh +#Mar 5 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh + + + +# +# SAMBA +# + +#Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.791823, 0] ../source3/nmbd/nmbd.c:169(nmbd_sig_hup_handler) +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nmbd\[[[:digit:]]+\]: \[[ .:,/[:digit:]]+ + +#Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.792332, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups) + + + + + + # # TELLDUSD # @@ -131,6 +155,8 @@ #Mar 2 16:48:02 marconi telldusd: Execute a TellStick Action for device 1 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ telldusd: Execute a TellStick Action for device [[:digit:]] +#Mar 4 18:46:37 marconi telldusd: message repeated 2 times: [ Execute a TellStick Action for device 4] +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ telldusd: message repeated [[:digit:]] times: \[ Execute a TellStick Action for device [[:digit:]]\] diff --git a/testlog b/testlog index 1ec7b98..da21e8d 100644 --- a/testlog +++ b/testlog 
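Review bot: The sudo rule in the `@@ -124,6 +124,30 @@` hunk exempts a root command line but is open-ended: it has no trailing `$` and the dots are unescaped, so the same script run with any arguments, or any command whose path merely starts with this string, is dropped from the report as well. Ending it with `COMMAND=/home/fredrik/bin/kdbx_backup\.sh$` limits the exemption to the exact invocation shown in the samples. Because the exempted command is a script under a home directory that runs as root, I would also confirm the path is not writable by the unprivileged account before hiding its sudo entries. The nmbd rule further down stops inside the timestamp (`\[[ .:,/[:digit:]]+`), so it matches every nmbd header line at any debug level. It reads as unfinished and should continue through the source location, for example `\] \.\./source3/nmbd/nmbd\.c:[[:digit:]]+\(nmbd_sig_hup_handler\)$`.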
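Review bot: In the `@@ -131,6 +155,8 @@` hunk, `message repeated [[:digit:]] times` and `device [[:digit:]]` each accept a single digit, so a repeat count or device id of 10 or more falls through and is reported. Use `[[:digit:]]+` in both places and close the rule with `\]$` so that trailing text is not ignored as well.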
@@ -411,5 +411,15 @@ Mar 3 00:01:26 marconi BACKUP: Webservern Mar 3 12:57:42 nada sshd(pam_google_authenticator)[20838]: Failed to update secret file "/root/.google_authenticator" Mar 3 18:03:34 marconi named[27570]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: Transfer status: success Mar 3 21:19:31 marconi sshd[17576]: error: Received disconnect from 212.83.160.203 port 57458:3: com.jcraft.jsch.JSchException: Auth cancel [preauth] +Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth] +Mar 4 09:14:31 nada sm-mta[25219]: v248EUKL025219: AUTH decode64 error [-5 for "Y2FzdG9yQHdhaGxiZXJnLnNlAGNhc3RvckB3YWhsYmVyZy5zZQBwb2tlbW9uDQ==\r"], relay=[156.67.106.207] +Mar 4 15:06:28 marconi named[27570]: client 113.240.250.154#43169: message parsing failed: bad compression pointer +Mar 4 16:21:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh +Mar 4 18:46:37 marconi telldusd: message repeated 2 times: [ Execute a TellStick Action for device 4] +Mar 5 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh +Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.791823, 0] ../source3/nmbd/nmbd.c:169(nmbd_sig_hup_handler) +Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.792332, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups) +Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.792760, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups) Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem... +Aug 23 18:39:24 nada fredrik[1713]: Sista raden