Fler regler

logcheck_debian

@@ -189,7 +189,9 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: received notify for zone '[-.[:alnum:]]+'
 
 #Mar 13 19:06:05 nada named[1771]: client 95.170.86.14#54781: transfer of 'stiy.com/IN': IXFR ended
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: transfer of '[-.[:alnum:]]+/IN': IXFR ended
+#Mar  3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR started
+#Mar  3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR ended
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: transfer of '[-.[:alnum:]]+/IN': (IXFR|AXFR-style) (started|ended)
 
 #Mar 11 06:34:44 nada named[1771]: reloading configuration succeeded
 #Mar 11 06:34:44 nada named[1771]: reloading zones succeeded
@@ -222,7 +224,8 @@
 #Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: validating [@[:alnum:]]+: . NS: got insecure response; parent indicates it should be secure
 
-
+#Mar  3 18:03:34 marconi named[27570]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: Transfer status: success
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: transfer of '[-.[:alnum:]]+/IN' from [#.[:digit:]]+: Transfer status: success
 
 #
 # SASLAUTHD
@@ -372,7 +375,8 @@
 # Mar 12 04:09:09 nada sshd[23908]: Received disconnect from 195.154.52.9: 3: java.net.SocketTimeoutException: Read timed out [preauth]
 # Mar  8 12:09:30 nada sshd[26267]: Received disconnect from 199.91.135.158: 3: com.jcraft.jsch.JSchException: reject HostKey: 66.23.226.92 [preauth]
 # Feb 28 03:09:57 nada sshd[30462]: Received disconnect from 47.89.188.218: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+: 3: (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException): (reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out|Auth cancel) \[preauth\]
+#Mar  3 21:19:31 marconi sshd[17576]: error: Received disconnect from 212.83.160.203 port 57458:3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+( port [[:digit:]]+:|: )3: (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException): (reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out|Auth cancel) \[preauth\]
 
 #Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
 #Apr  7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth]
@@ -468,4 +472,8 @@
 
 #Oct 13 08:31:17 kvarnen systemd[1]: Starting Cleanup of Temporary Directories...
 #Oct 13 08:31:17 kvarnen systemd[1]: Started Cleanup of Temporary Directories.
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Started|Starting) Cleanup of Temporary Directories.{1,3}
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Started|Starting) Cleanup of Temporary Directories.{1,3}
+
+
+#Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ fredrik\[[[:digit:]]+\]: Kontrollrad. Syns detta har vi problem...

testlog

@@ -1,4 +1,5 @@
 första raden i loggen
+Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
 Mar 16 21:43:05 kvarnen named[8896]: master 66.23.226.92#53 (source 0.0.0.0#0) deleted from unreachable cache
 Mar 16 21:43:05 kvarnen named[8896]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: connected using 95.170.86.14#37390
 Mar 17 04:51:05 kvarnen freshclam[485]: Empty script main-56.cdiff, need to download entire database
@@ -240,7 +241,6 @@ Mar  2 07:21:44 nada spamc[16024]: connect to spamd on 127.0.0.1 failed, retryin
 Mar  2 14:16:53 marconi sshd[4282]: Connection closed by 163.172.210.106 port 56708 [preauth]
 Mar  2 13:42:26 marconi sshd[25003]: Received disconnect from 155.4.131.66 port 2983:11: disconnected by user
 Mar  2 13:42:26 marconi sshd[25003]: Disconnected from 155.4.131.66 port 2983
-Aug 23 18:39:24 nada fredrik[1713]: Sista raden ska inte synas
 Mar  2 17:16:35 marconi systemd-logind[1241]: New session 85612 of user fredrik.
 Mar  2 17:16:35 marconi systemd-logind[1241]: Removed session 85603.
 Mar  2 16:25:24 marconi dhclient[22777]: bound to 192.168.1.118 -- renewal in 30618 seconds.
@@ -408,4 +408,8 @@ Mar  3 00:00:01 marconi BACKUP: Hemkatalogerna
 Mar  3 00:01:06 marconi BACKUP: Etc
 Mar  3 00:01:09 marconi BACKUP: Prylarna i opt
 Mar  3 00:01:26 marconi BACKUP: Webservern
-Mar  3 12:57:42 nada sshd(pam_google_authenticator)[20838]: Failed to update secret file "/root/.google_authenticator"
+Mar  3 12:57:42 nada sshd(pam_google_authenticator)[20838]: Failed to update secret file "/root/.google_authenticator"
+Mar  3 18:03:34 marconi named[27570]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: Transfer status: success
+Mar  3 21:19:31 marconi sshd[17576]: error: Received disconnect from 212.83.160.203 port 57458:3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
+
+Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...