fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ny regler för Ubuntu 17.10

Browse Source
This commit is contained in:
fredrik
2017-11-02 08:51:50 +01:00
parent 299753ae41
commit 7858c1ffd4
2 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
logcheck_ubuntu
View File

@@ -78,7 +78,8 @@
#
#Mar 2 14:16:53 marconi sshd[4282]: Connection closed by 163.172.210.106 port 56708 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
#Nov 2 07:25:58 marconi sshd[22932]: Connection closed by invalid user foo 175.6.27.49 port 6920 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by (invalid user [[:alnum:]]+ )?[.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
#Mar 2 13:42:26 marconi sshd[25003]: Received disconnect from 155.4.131.66 port 2983:11: disconnected by user
#Mar 2 17:00:04 marconi sshd[31419]: Received disconnect from 116.31.116.18 port 20137:11: [preauth]
@@ -87,6 +88,10 @@
#Mar 2 13:42:26 marconi sshd[25003]: Disconnected from 155.4.131.66 port 2983
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [.:[:digit:]]+ (port [.:[:digit:]]+ )?
#Nov 2 07:59:27 marconi sshd[1655]: Disconnected from invalid user admin 121.156.90.110 port 46078 [preauth]
#Nov 2 08:01:51 marconi sshd[3848]: Disconnected from authenticating user root 121.18.238.123 port 47854 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (invalid|authenticating) user [[:alnum:]]+ [.:[:digit:]]+ (port [.:[:digit:]]+ )?
#Mar 2 17:00:24 marconi sshd[556]: Connection reset by 119.147.115.37 port 1841 [preauth]
#Mar 2 17:07:35 marconi sshd[2635]: Connection reset by 119.147.115.37 port 1070 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by [.:[:digit:]]+ port [.:[:digit:]]+ \[preauth\]
@@ -118,9 +123,15 @@
#Feb 27 18:16:55 marconi sshd[30123]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
#Nov 2 07:34:15 marconi sshd[26033]: Did not receive identification string from 163.172.136.101 port 37627
#Nov 2 07:48:30 marconi sshd[30673]: Did not receive identification string from 121.156.90.110 port 44398
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from [.:[:digit:]]+ port [.:[:digit:]]+
#Nov 2 07:34:03 marconi sshd[25979]: ssh_dispatch_run_fatal: Connection from 170.250.140.52 port 45852: DH GEX group out of range [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [.:[:digit:]]+ port [.:[:digit:]]+: DH GEX group out of range \[preauth\]
#Nov 2 07:49:45 marconi sshd[30998]: Disconnecting authenticating user root 180.130.191.9 port 45306: Too many authentication failures [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting authenticating user root [.:[:digit:]]+ port [.:[:digit:]]+: Too many authentication failures \[preauth\]
#
# SYSTEMD

9
testlog
View File

@@ -585,6 +585,15 @@ Sep 8 20:49:21 nada sm-mta[14243]: STARTTLS: read error=syscall error (-1), err
Sep 11 00:02:05 cocacola sm-mta[4678]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Sep 11 11:32:09 cocacola sshd[5924]: Received disconnect from 5.189.139.2: 11: Normal Shutdown, Thank you for playing [preauth]
Sep 8 13:32:49 marconi sshd[20127]: Received disconnect from 103.27.239.143 port 40512:11: Normal Shutdown, Thank you for playing [preauth]
Sep 12 00:02:08 cocacola sm-mta[8158]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 2 07:25:58 marconi sshd[22932]: Connection closed by invalid user foo 175.6.27.49 port 6920 [preauth]
Nov 2 07:34:03 marconi sshd[25979]: ssh_dispatch_run_fatal: Connection from 170.250.140.52 port 45852: DH GEX group out of range [preauth]
Nov 2 07:34:15 marconi sshd[26033]: Did not receive identification string from 163.172.136.101 port 37627
Nov 2 07:48:30 marconi sshd[30673]: Did not receive identification string from 121.156.90.110 port 44398
Nov 2 07:49:45 marconi sshd[30998]: Disconnecting authenticating user root 180.130.191.9 port 45306: Too many authentication failures [preauth]
Nov 2 07:59:27 marconi sshd[1655]: Disconnected from invalid user admin 121.156.90.110 port 46078 [preauth]
Nov 2 08:01:51 marconi sshd[3848]: Disconnected from authenticating user root 121.18.238.123 port 47854 [preauth]
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
Aug 23 18:39:24 nada fredrik[1713]: Sista raden