fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Uppdaterat reglerna

Browse Source
This commit is contained in:
fredrik
2017-04-21 09:29:14 +02:00
parent 0184773321
commit 59b1d4b925
2 changed files with 48 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
logcheck_debian
View File

@@ -26,7 +26,9 @@
#Mar 17 06:27:00 kvarnen freshclam[485]: Downloading main.cvd [100%]
#Apr 8 19:43:15 kvarnen freshclam[485]: Downloading bytecode.cvd [100%]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Downloading (daily-[0-9]+.cdiff|main.cvd|bytecode.cvd) \[100%\] ?$
#Apr 20 15:39:53 nada freshclam[302]: Downloading bytecode-293.cdiff [100%]
#Apr 20 23:40:45 nada freshclam[302]: Downloading bytecode-294.cdiff [100%]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Downloading ((daily|bytecode)-[0-9]+.cdiff|main.cvd|bytecode.cvd) \[100%\] ?$
# Mar 11 07:30:29 kvarnen freshclam[485]: nonblock_connect: connect timing out (30 secs)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: nonblock_connect: connect timing out \(30 secs\)
@@ -175,6 +177,14 @@
#Apr 10 21:18:28 nada HORDE: User is not authorized for horde [pid 28010 on line 324 of "/usr/share/php/Horde/Registry.php"]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: User is not authorized for (imp|horde)
#Apr 18 13:27:36 nada HORDE: [imp] Message sent to fram.art@comhem.se from katarina (213.112.4.122) [pid 12862 on line 964 of "/usr/share/horde/imp/lib/Compose.php"]
#Apr 18 14:38:04 nada HORDE: [imp] Message sent to hello@happysthlm.se from katarina (213.112.4.122) [pid 1013 on line 964 of "/usr/share/horde/imp/lib/Compose.php"]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: \[imp\] Message sent to
Apr 21 04:37:54 nada HORDE: [imp] PHP ERROR: Invalid argument supplied for foreach() [pid 7168 on line 96 of "/usr/share/horde/imp/lib/Factory/MailboxList.php"]
Apr 20 04:49:50 nada HORDE: [imp] PHP ERROR: Invalid argument supplied for foreach() [pid 27097 on line 96 of "/usr/share/horde/imp/lib/Factory/MailboxList.php"]
Apr 20 13:03:42 nada HORDE: [gollem] PHP ERROR: Invalid argument supplied for foreach() [pid 6356 on line 338 of "/usr/share/horde/gollem/lib/Auth.php"]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: \[(imp|gollem)\] PHP ERROR: Invalid argument supplied for foreach\(\)
@@ -268,7 +278,8 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: transfer of '[-.[:alnum:]]+/IN' from [#.[:digit:]]+: Transfer status: success
#Mar 4 15:06:28 marconi named[27570]: client 113.240.250.154#43169: message parsing failed: bad compression pointer
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: message parsing failed: bad compression pointer
#Apr 20 20:40:11 marconi named[11602]: client 125.64.94.201#52717: message parsing failed: bad label type
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: message parsing failed: bad (compression pointer|label type)
#Mar 16 10:33:41 nada named[31321]: zone happysthlm.se/IN: loaded serial 2017031600
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-.[:alnum:]]+/IN: loaded serial [[:digit:]]+
@@ -585,6 +596,15 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth
#Apr 13 09:47:05 marconi sshd[695]: error: Received disconnect from 37.229.184.255 port 61294:2: Handshake failed [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [.:[:digit:]]+(:)? (port [[:digit:]]+:)?(11|2): (Client disconnecting normally|ok|Handshake failed) \[preauth\]
# Apr 18 17:29:30 nada internal-sftp[9277]: session opened for local user petter from [212.16.177.66]
# Apr 18 17:29:31 nada internal-sftp[9277]: opendir "/home/petter/www.lidberg.se/mazda/Old"
# Apr 18 17:29:31 nada internal-sftp[9277]: closedir "/home/petter/www.lidberg.se/mazda/Old"
# Apr 18 17:29:38 nada internal-sftp[9277]: open "/home/petter/www.lidberg.se/mazda/Old/demo.html" flags READ mode 0666
# Apr 18 17:29:38 nada internal-sftp[9277]: close "/home/petter/www.lidberg.se/mazda/Old/demo.html" bytes read 3754 written 0
# Apr 18 17:33:38 nada internal-sftp[9277]: session closed for local user petter from [212.16.177.66]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ internal-sftp\[[[:digit:]]+\]:
@@ -617,7 +637,10 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth
#Apr 11 06:47:59 nada systemd: pam_unix(systemd-user:session): session opened for user nobody by (uid=0)
#Apr 11 06:48:04 nada systemd: pam_unix(systemd-user:session): session closed for user nobody
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user nobody( by \(uid=0\))?
#Apr 18 17:29:30 nada systemd: pam_unix(systemd-user:session): session opened for user petter by (uid=0)
#Apr 18 17:33:38 nada systemd: pam_unix(systemd-user:session): session closed for user petter
#Apr 11 15:12:51 nada systemd: pam_unix(systemd-user:session): session closed for user fredrik
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user (nobody|fredrik|petter)( by \(uid=0\))?
@@ -628,8 +651,9 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth
#Apr 11 06:47:59 nada systemd-logind[306]: Removed session c12.
#Apr 11 10:58:01 nada systemd-logind[306]: New session c14 of user fredrik.
#Apr 11 11:04:24 nada systemd-logind[306]: New session c15 of user fredrik.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: (Removed session [[:alnum:]]+.|New session [[:alnum:]]+ of user (nobody|fredrik).)
Apr 11 15:12:51 nada systemd: pam_unix(systemd-user:session): session closed for user fredrik
#Apr 18 17:29:30 nada systemd-logind[305]: New session c36 of user petter.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: (Removed session [[:alnum:]]+.|New session [[:alnum:]]+ of user (nobody|fredrik|petter).)