fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ny regler för Ubuntu 17.10

Browse Source
This commit is contained in:
fredrik
2017-11-02 08:51:50 +01:00
parent 299753ae41
commit 7858c1ffd4
2 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
logcheck_ubuntu
View File

@@ -78,7 +78,8 @@
#
#Mar 2 14:16:53 marconi sshd[4282]: Connection closed by 163.172.210.106 port 56708 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
#Nov 2 07:25:58 marconi sshd[22932]: Connection closed by invalid user foo 175.6.27.49 port 6920 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by (invalid user [[:alnum:]]+ )?[.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
#Mar 2 13:42:26 marconi sshd[25003]: Received disconnect from 155.4.131.66 port 2983:11: disconnected by user
#Mar 2 17:00:04 marconi sshd[31419]: Received disconnect from 116.31.116.18 port 20137:11: [preauth]
@@ -87,6 +88,10 @@
#Mar 2 13:42:26 marconi sshd[25003]: Disconnected from 155.4.131.66 port 2983
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [.:[:digit:]]+ (port [.:[:digit:]]+ )?
#Nov 2 07:59:27 marconi sshd[1655]: Disconnected from invalid user admin 121.156.90.110 port 46078 [preauth]
#Nov 2 08:01:51 marconi sshd[3848]: Disconnected from authenticating user root 121.18.238.123 port 47854 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (invalid|authenticating) user [[:alnum:]]+ [.:[:digit:]]+ (port [.:[:digit:]]+ )?
#Mar 2 17:00:24 marconi sshd[556]: Connection reset by 119.147.115.37 port 1841 [preauth]
#Mar 2 17:07:35 marconi sshd[2635]: Connection reset by 119.147.115.37 port 1070 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by [.:[:digit:]]+ port [.:[:digit:]]+ \[preauth\]
@@ -118,9 +123,15 @@
#Feb 27 18:16:55 marconi sshd[30123]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
#Nov 2 07:34:15 marconi sshd[26033]: Did not receive identification string from 163.172.136.101 port 37627
#Nov 2 07:48:30 marconi sshd[30673]: Did not receive identification string from 121.156.90.110 port 44398
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from [.:[:digit:]]+ port [.:[:digit:]]+
#Nov 2 07:34:03 marconi sshd[25979]: ssh_dispatch_run_fatal: Connection from 170.250.140.52 port 45852: DH GEX group out of range [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [.:[:digit:]]+ port [.:[:digit:]]+: DH GEX group out of range \[preauth\]
#Nov 2 07:49:45 marconi sshd[30998]: Disconnecting authenticating user root 180.130.191.9 port 45306: Too many authentication failures [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting authenticating user root [.:[:digit:]]+ port [.:[:digit:]]+: Too many authentication failures \[preauth\]
#
# SYSTEMD