Nya regler

logcheck_debian

@@ -104,6 +104,13 @@
 #Nov  7 09:58:47 nada freshclam[304]: WARNING: Invalid DNS reply. Falling back to HTTP mode.
 \w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: WARNING: (DNS record is older than 3 hours.|Invalid DNS reply. Falling back to HTTP mode.)
 
+#Mar  9 23:47:14 nada freshclam[31063]: WARNING: Your ClamAV installation is OUTDATED!
+#Mar  9 23:47:14 nada freshclam[31063]: WARNING: Local version: 0.99.3 Recommended version: 0.99.4
+\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: WARNING: (Your ClamAV installation is OUTDATED!|Local version:)
+
+#Mar  9 23:47:14 nada freshclam[31063]: DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
+\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
+
 
 
 #
@@ -366,8 +373,8 @@
 #Mar 15 11:26:20 nada sm-mta[6679]: STARTTLS=client, relay=mail.compenta.se., version=TLSv1/SSLv3, verify=FAIL, cipher=AES128-SHA256, bits=128/128
 #Mar 30 20:47:04 nada sm-mta[9603]: STARTTLS=client, relay=mail-gw01.fsdata.se., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
 #Sep 11 00:02:05 cocacola sm-mta[4678]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
-#Mar 30 13:04:11 nada sm-mta[30164]: STARTTLS=client, relay=mailgw.swip.net., field=cn_subject, status=failed to extract CN
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, (version=TLSv1/SSLv3, verify=FAIL, cipher=[-[:alnum:]]+, bits=[/[:digit:]]+|field=cn_subject, status=failed to extract CN)
+#Mar  9 00:02:06 cocacola sm-mta[30768]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, (version=TLSv1(.2)?(/SSLv3)?, verify=FAIL, cipher=[-[:alnum:]]+, bits=[/[:digit:]]+|field=cn_subject, status=failed to extract CN)
 
 #Mar 22 13:31:42 nada sendmail[24653]: gethostbyaddr(127.0.0.2) failed: 1
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[[:digit:]]+\]: gethostbyaddr\(127.0.0.2\) failed: 1
@@ -497,6 +504,14 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: result: (.|Y) [-[:digit:]]+
 
 
+#Mar  9 06:51:00 nada spamd[29947]: spamd: server socket closed, type IO::Socket::IP
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: server socket closed, type IO::Socket::IP
+
+Mar  9 06:51:04 nada spamd[31055]: spamd: server started on IO::Socket::IP [127.0.0.1]:783 (running version 3.4.0)
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: server started on IO::Socket::IP \[127.0.0.1\]:783 \(running version 3.4.0\)
+
+#Mar  9 06:51:02 nada spamd[31055]: zoom: able to use 345/345 'body_0' compiled rules (100%)
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: zoom: able to use 345/345 'body_0' compiled rules \(100%\)
 
 
 
@@ -619,7 +634,7 @@
 \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [.:[:digit:]]+(:)? (port [[:digit:]]+:)?(11|2): (Client disconnecting normally|ok|Handshake failed) \[preauth\]
 
 #Sep  9 06:55:41 marconi sshd[11486]: Invalid user  0101 from 91.197.232.109
-\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user [ -@.[:alnum:]]+ from [.:[:digit:]]+
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user ([ -@.[:alnum:]]+)? from [.:[:digit:]]+
 
 #Sep 11 11:32:09 cocacola sshd[5924]: Received disconnect from 5.189.139.2: 11: Normal Shutdown, Thank you for playing [preauth]
 #Sep  8 13:32:49 marconi sshd[20127]: Received disconnect from 103.27.239.143 port 40512:11: Normal Shutdown, Thank you for playing [preauth]