fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ännu fler fixar

Browse Source
This commit is contained in:
fredrik
2024-01-21 12:52:37 +01:00
parent 091427c2b9
commit 74dfc5b213
4 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
logcheck-fw-named
View File

@@ -91,7 +91,8 @@
#Oct 28 06:17:36 nada named[368]: client @0xf2443044 205.185.124.172#52570 (pizzaseo.com): query failed (REFUSED) for pizzaseo.com/IN/RRSIG at query.c:5498 #Oct 28 06:17:36 nada named[368]: client @0xf2443044 205.185.124.172#52570 (pizzaseo.com): query failed (REFUSED) for pizzaseo.com/IN/RRSIG at query.c:5498
#Oct 28 18:02:12 nada named[368]: client @0xf243df14 146.88.240.4#52092 (4217e25c.asert-dns-research.com): query failed (REFUSED) for 4217e25c.asert-dns-research.com/IN/A at query.c:5498 #Oct 28 18:02:12 nada named[368]: client @0xf243df14 146.88.240.4#52092 (4217e25c.asert-dns-research.com): query failed (REFUSED) for 4217e25c.asert-dns-research.com/IN/A at query.c:5498
#Dec 2 12:09:09 nada named[256]: client @0xf25d0a70 127.0.0.1#33754 (mail._domainkey.ahrenbecks.se): query failed (failure) for mail._domainkey.ahrenbecks.se/IN/A at query.c:7465 #Dec 2 12:09:09 nada named[256]: client @0xf25d0a70 127.0.0.1#33754 (mail._domainkey.ahrenbecks.se): query failed (failure) for mail._domainkey.ahrenbecks.se/IN/A at query.c:7465
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [@[:alnum:]]+ [\#.[:digit:]]+ \([-_.[:alnum:]]+\): #Jan 20 19:12:46 nada named[256]: client @0xf20be340 45.148.10.241#23353 (e\003co): query failed (REFUSED) for e\003co/IN/ANY at query.c:5560
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [@[:alnum:]]+ [\#.[:digit:]]+ \([-_.\\[:alnum:]]+\):
#Feb 2 14:16:36 nada named[11745]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL' #Feb 2 14:16:36 nada named[11745]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL' ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'

3
logcheck-fw-sshd
View File

@@ -146,7 +146,8 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: banner exchange: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: banner exchange:
#Feb 5 10:57:28 nada sshd[10568]: error: kex protocol error: type 30 seq 1 [preauth] #Feb 5 10:57:28 nada sshd[10568]: error: kex protocol error: type 30 seq 1 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex protocol error: #Jan 21 09:45:23 nada sshd[14807]: error: kex_protocol_error: type 20 seq 2 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex.protocol.error:
#Oct 28 07:58:37 nada sshd[1041]: Connection closed by 141.98.10.82 port 40176 #Oct 28 07:58:37 nada sshd[1041]: Connection closed by 141.98.10.82 port 40176

10
logcheck_debian
View File

@@ -282,7 +282,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, (version=TLSv1(.[[:digit:]])?(\/SSLv3)?, verify=FAIL, cipher=[-_[:alnum:]]+, bits=[/[:digit:]]+|field=cn_subject, status=failed to extract CN) ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, (version=TLSv1(.[[:digit:]])?(\/SSLv3)?, verify=FAIL, cipher=[-_[:alnum:]]+, bits=[/[:digit:]]+|field=cn_subject, status=failed to extract CN)
#Mar 22 13:31:42 nada sendmail[24653]: gethostbyaddr(127.0.0.2) failed: 1 #Mar 22 13:31:42 nada sendmail[24653]: gethostbyaddr(127.0.0.2) failed: 1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[[:digit:]]+\]: gethostbyaddr\(127.0.0.2\) failed: 1 #Dec 2 17:53:41 nada sendmail[6529]: gethostbyaddr(172.17.0.1) failed: 1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[[:digit:]]+\]: gethostbyaddr\([.[:digit:]]+\) failed: 1
# Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): write(Q) returned -1, expected 5: Broken pipe # Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): write(Q) returned -1, expected 5: Broken pipe
# Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): write(Q) returned -1, expected 5: Broken pipe # Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): write(Q) returned -1, expected 5: Broken pipe
@@ -321,7 +322,9 @@
#Apr 20 15:10:44 nada sm-mta[5182]: u3KDAiZT005182: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n #Apr 20 15:10:44 nada sm-mta[5182]: u3KDAiZT005182: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
#Mar 20 04:00:44 nada sm-mta[21983]: v2K30iPx021983: [180.163.2.117]: probable open proxy: command=GET / HTTP/1.1\r\n #Mar 20 04:00:44 nada sm-mta[21983]: v2K30iPx021983: [180.163.2.117]: probable open proxy: command=GET / HTTP/1.1\r\n
#Apr 12 15:05:34 nada sm-mta[20644]: v3CD5WoV020644: [60.191.40.195]: probable open proxy: command=GET / HTTP/1.0\r\n #Apr 12 15:05:34 nada sm-mta[20644]: v3CD5WoV020644: [60.191.40.195]: probable open proxy: command=GET / HTTP/1.0\r\n
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: ([-.[:alnum:]]+ )?\[[.[:digit:]]+\]: probable open proxy: command=GET (http://www.ipip.net)?/ HTTP/1.(0|1)\\r\\n #Jan 20 20:45:31 nada sm-mta[27401]: 40KJjVOo027401: ec2-13-40-30-39.eu-west-2.compute.amazonaws.com [13.40.30.39]: probable open proxy: command=GET /logon.htm HTTP/1.1\r\n
#Jan 20 20:50:45 nada sm-mta[27482]: 40KJojHp027482: ec2-13-40-30-39.eu-west-2.compute.amazonaws.com [13.40.30.39]: probable open proxy: command=GET /login.jsp HTTP/1.1\r\n
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: .*: probable open proxy: command=GET (http://www.ipip.net)?/ HTTP/1.(0|1)\\r\\n
#Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1 #Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
@@ -397,7 +400,8 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: (Removed session [[:alnum:]]+.|New session [[:alnum:]]+ of user (nobody|fredrik|petter).) ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: (Removed session [[:alnum:]]+.|New session [[:alnum:]]+ of user (nobody|fredrik|petter).)
#Jan 20 08:06:05 nada dbus-daemon[240]: [system] Reloaded configuration
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dbus-daemon\[[[:digit:]]+\]: \[system\] Reloaded configuration
#Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem... #Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...

2
testlog
View File

@@ -782,6 +782,8 @@ Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredr
Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: updating zone 'wahlberg.se/IN': deleting rrset at 'casanegra.wahlberg.se' A Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: updating zone 'wahlberg.se/IN': deleting rrset at 'casanegra.wahlberg.se' A
Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: updating zone 'wahlberg.se/IN': adding an RR at 'casanegra.wahlberg.se' A 155.4.86.220 Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: updating zone 'wahlberg.se/IN': adding an RR at 'casanegra.wahlberg.se' A 155.4.86.220
Jan 20 08:06:05 nada dbus-daemon[240]: [system] Reloaded configuration Jan 20 08:06:05 nada dbus-daemon[240]: [system] Reloaded configuration
Jan 20 19:12:46 nada named[256]: client @0xf20be340 45.148.10.241#23353 (e\003co): query failed (REFUSED) for e\003co/IN/ANY at query.c:5560
Jan 21 09:45:23 nada sshd[14807]: error: kex_protocol_error: type 20 seq 2 [preauth]
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem... Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
Aug 23 18:39:24 nada fredrik[1713]: Sista raden Aug 23 18:39:24 nada fredrik[1713]: Sista raden