Nya regler

2017-11-07 11:21:59 +01:00
parent a0fc495d4c
commit 7732051fc5
3 changed files with 30 additions and 1 deletions


@@ -30,6 +30,11 @@
#Apr 20 23:40:45 nada freshclam[302]: Downloading bytecode-294.cdiff [100%]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Downloading ((daily|bytecode)-[0-9]+.cdiff|main.cvd|bytecode.cvd) \[100%\] ?$
#Nov 7 09:58:48 nada freshclam[304]: Reading CVD header (main.cvd): OK (IMS)
#Nov 7 09:58:48 nada freshclam[304]: Reading CVD header (daily.cvd): OK
#Nov 7 09:58:49 nada freshclam[304]: Reading CVD header (bytecode.cvd): OK
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Reading CVD header \((main|daily|bytecode).cvd\): OK( \(IMS\))?
# Mar 11 07:30:29 kvarnen freshclam[485]: nonblock_connect: connect timing out (30 secs)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: nonblock_connect: connect timing out \(30 secs\)
@@ -95,6 +100,11 @@
#Mar 19 06:47:45 nada clamav-milter: ClamAV: mi_stop=1
\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamav-milter: ClamAV: mi_stop=1
#Nov 7 09:58:47 nada freshclam[304]: WARNING: DNS record is older than 3 hours.
#Nov 7 09:58:47 nada freshclam[304]: WARNING: Invalid DNS reply. Falling back to HTTP mode.
\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: WARNING: (DNS record is older than 3 hours.|Invalid DNS reply. Falling back to HTTP mode.)
#
# DOVECOT
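Review bot: The freshclam `WARNING:` rule in the second hunk has no `^` or `$` anchor and leaves its dots unescaped, so it matches that phrase anywhere in a line, including text that some other daemon logs on behalf of a remote party. Assuming these are ignore patterns (the layout of sample comment plus regex suggests so), such a line would be dropped from the report; anchoring and escaping avoids that: `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: WARNING: (DNS record is older than 3 hours\.|Invalid DNS reply\. Falling back to HTTP mode\.)$`. The `Reading CVD header` rule in the first hunk has the leading `^` but likewise lacks a trailing `$` and the escaped dot in `\.cvd`. It is also worth deciding deliberately whether "Invalid DNS reply" should be silenced at all, since repeated occurrences can point to a resolver problem affecting signature updates.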


@@ -63,6 +63,14 @@
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ mosquitto\[[[:digit:]]+\]:
#
# MOTD
#
#Nov 7 10:35:56 marconi 50-motd-news[31369]: * Ubuntu 17.10 releases with Gnome, Kubernetes 1.8, and minimal
#Nov 7 10:35:56 marconi 50-motd-news[31369]: base images
#Nov 7 10:35:56 marconi 50-motd-news[31369]: - https://ubu.one/u1710
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ 50-motd-news\[[[:digit:]]+\]:
#
# NAMED
@@ -119,7 +127,9 @@
#Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman#Sep 9 10:56:11 marconi sshd[2798]: fatal: Unable to negotiate with 54.156.158.234 port 41078: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
#Sep 9 10:56:12 marconi sshd[2802]: fatal: Unable to negotiate with 54.156.158.234 port 41330: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
#Sep 9 10:56:14 marconi sshd[2816]: fatal: Unable to negotiate with 54.156.158.234 port 42036: no matching host key type found. Their offer: ssh-dss [preauth]-group-exchange-sha1 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching (host key type|key exchange method) found. Their offer: [-,[:alnum:]]+ \[preauth\]
#Nov 7 10:50:46 marconi sshd[3881]: Unable to negotiate with 173.255.227.186 port 51816: no matching host key type found. Their offer: ssh-dss [preauth]
OA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( fatal:)? Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching (host key type|key exchange method) found. Their offer: [-,[:alnum:]]+ \[preauth\]
#Mar 2 20:51:23 marconi sshd[8330]: error: maximum authentication attempts exceeded for invalid user admin from 182.45.153.221 port 54407 ssh2 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [.:[:digit:]]+ ssh2 \[preauth\]
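Review bot: The bare line `OA` between the new sshd sample comment and the widened `Unable to negotiate` rule is not a comment and looks like a stray terminal cursor-key sequence saved into the file. If the file is read as one ignore pattern per line, which its layout suggests, `OA` would match every log line containing those two letters and drop it from the report, so the line should be deleted. The page does not mark which side each line is on; the hunk header counts suggest `OA` is present in the new file either way. Separately, the new `50-motd-news` rule in the first hunk has no leading `^`, unlike the sshd rules; `^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ 50-motd-news\[[[:digit:]]+\]:` would tie it to the start of the line.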


@@ -607,6 +607,15 @@ Nov 2 11:55:16 marconi sshd[496]: Connection closed by authenticating user root
Nov 2 13:11:27 marconi sshd[31688]: Disconnecting invalid user admin 114.97.151.158 port 40382: Too many authentication failures [preauth]
Nov 2 13:26:23 marconi sshd[4249]: Disconnected from user fredrik 66.23.226.92 port 38190
Nov 2 13:28:15 marconi sshd[5020]: Disconnected from user fredrik 66.23.226.92 port 39248
Nov 7 09:58:47 nada freshclam[304]: WARNING: DNS record is older than 3 hours.
Nov 7 09:58:47 nada freshclam[304]: WARNING: Invalid DNS reply. Falling back to HTTP mode.
Nov 7 09:58:48 nada freshclam[304]: Reading CVD header (main.cvd): OK (IMS)
Nov 7 09:58:48 nada freshclam[304]: Reading CVD header (daily.cvd): OK
Nov 7 09:58:49 nada freshclam[304]: Reading CVD header (bytecode.cvd): OK
Nov 7 10:35:56 marconi 50-motd-news[31369]: * Ubuntu 17.10 releases with Gnome, Kubernetes 1.8, and minimal
Nov 7 10:35:56 marconi 50-motd-news[31369]: base images
Nov 7 10:35:56 marconi 50-motd-news[31369]: - https://ubu.one/u1710
Nov 7 10:50:46 marconi sshd[3881]: Unable to negotiate with 173.255.227.186 port 51816: no matching host key type found. Their offer: ssh-dss [preauth]
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...