Lade till regler som av någon anledning inte behövs på Kvarnen...

2016-08-17 09:53:18 +02:00
parent 58701ab93e
commit 8235dab65d


@@ -361,7 +361,8 @@
#Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
#Apr 7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth]
#Apr 3 12:26:03 nada sshd[15236]: Received disconnect from 125.212.232.83: 11: Closed due to user request. [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: (ok|Bye|Closed due to user request.) \[preauth\]
#May 14 10:15:47 nada sshd[26005]: Received disconnect from 115.239.230.223: 11: disconnect [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: (disconnect|ok|Bye|Closed due to user request.) \[preauth\]
#Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel [[:digit:]]: open failed: administratively prohibited: open failed
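Review bot: The widened disconnect rule still has no end anchor and leaves the final `.` of `Closed due to user request.` unescaped, so it matches more than the sample lines above it; ending it with `(disconnect|ok|Bye|Closed due to user request\.) \[preauth\]$` would pin it to the whole message. The rules in the next hunk (Postponed keyboard-interactive/pam, subsystem request for sftp, input_userauth_request, PAM 2 more authentication failures) also drop the leading `^` that the rules in this hunk carry, so they match that text anywhere in a line. If these are ignore patterns for a log-report filter (inferred from the format, not shown on the page), an unanchored rule suppresses any line that merely contains the phrase, and the user-name field in sshd messages is chosen by the remote client. The older, narrower disconnect rule looks redundant once the widened one is in place, if it is still in the file.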
@@ -407,9 +408,16 @@
#Aug 16 19:28:06 nada sshd[12135]: Postponed keyboard-interactive/pam for invalid user admin from 75.149.180.141 port 65264 ssh2 [preauth]
#Aug 16 21:57:30 nada sshd[26976]: Postponed keyboard-interactive/pam for invalid user support from 103.207.36.244 port 59302 ssh2 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive/pam for invalid user support from [.:[:digit:]]+ port [[:digit:]]+ ssh2 \[preauth\]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive/pam for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [[:digit:]]+ ssh2 \[preauth\]
#Apr 22 14:23:22 nada sshd[19599]: subsystem request for sftp by user petter
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [[:alnum:]]+
#May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [._[:alnum:]]+(\\\\r)? \[preauth\]
#Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy user=root
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=[.[:alnum:]]+ user=root
#
# SUHOSIN