fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fler nya relger från Marconi

Browse Source
This commit is contained in:
fredrik
2017-03-05 09:38:28 +01:00
parent 6af3d6d3aa
commit 446119e958
3 changed files with 46 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
logcheck_debian
View File

@@ -227,6 +227,10 @@
#Mar 3 18:03:34 marconi named[27570]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: Transfer status: success
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: transfer of '[-.[:alnum:]]+/IN' from [#.[:digit:]]+: Transfer status: success
#Mar 4 15:06:28 marconi named[27570]: client 113.240.250.154#43169: message parsing failed: bad compression pointer
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: message parsing failed: bad compression pointer
#
# SASLAUTHD
#
@@ -319,6 +323,8 @@
#Oct 24 06:04:11 nada sm-mta[7813]: ruleset=tls_server, arg1=SOFTWARE, relay=mail.adlibris.com, reject=403 4.7.0 TLS handshake failed.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: ruleset=tls_server, arg1=SOFTWARE, relay=[.[:alnum:]]+, reject=403 4.7.0 TLS handshake failed.
#Mar 4 09:14:31 nada sm-mta[25219]: v248EUKL025219: AUTH decode64 error [-5 for "Y2FzdG9yQHdhaGxiZXJnLnNlAGNhc3RvckB3YWhsYmVyZy5zZQBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: AUTH decode64 error \[-5 for "Y2FzdG9yQHdhaGxiZXJnLnNlAGNhc3RvckB3YWhsYmVyZy5zZQBwb2tlbW9uDQ==\\r"\], relay=\[[.:[:digit:]]+\]
#
# SPAMD
@@ -437,7 +443,8 @@
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [[:alnum:]]+
#May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [._[:alnum:]]+(\\\\r)? \[preauth\]
Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user ([._[:alnum:]]+(\\\\r| )?) \[preauth\]
#Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy user=root
#Oct 24 06:33:25 nada sshd[10577]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-68-161-233-215.ny325.east.verizon.net user=lp
@@ -475,5 +482,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Started|Starting) Cleanup of Temporary Directories.{1,3}
#Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ fredrik\[[[:digit:]]+\]: Kontrollrad. Syns detta har vi problem...