Nya regeluppdateringar

2022-02-06 09:41:02 +01:00
parent 363b1571a1
commit 9f97deb5ac
5 changed files with 43 additions and 4 deletions


@@ -6,3 +6,6 @@
#Oct 25 16:13:00 nada dovecot: imap(fredrik)<6240><99Nk8i3P18suOxpv>: Logged out in=2119 out=386189 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=1 body_bytes=26072
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([[:alnum:]]+\)<[[:alnum:]]+><[\/[:alnum:]]+>: (Connection closed|Logged out in).*
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sendmail\[[[:digit:]]+\]: STARTTLS=client(:|,)
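Review bot: The sendmail rule on the last line of this hunk ends at `STARTTLS=client(:|,)`, so everything sendmail prints after that prefix is ignored, and it is the only rule here with no `#` sample line above it showing what it is meant to match. The `(:|,)` alternation suggests both the normal comma-separated summary and the colon-prefixed messages are covered; if the colon form is where handshake errors appear on this host (worth checking against the real log), they would vanish from the report together with the routine lines. Consider keeping only `STARTTLS=client,` for the summary line, adding one fully spelled-out rule per `STARTTLS=client:` message you have actually seen, and putting a sample line above each.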


@@ -8,7 +8,8 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones|sizing zone task pool based on [[:digit:]]+ zones|received control channel command 'reload( [.[:alnum:]]+)?'|reading built-in trusted keys from file '/etc/bind/bind.keys')
#Mar 10 06:43:39 nada named[1771]: client 95.170.86.14#50337: received notify for zone 'happysthlm.com'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: received notify for zone '[-.[:alnum:]]+'
#Feb 6 01:00:04 nada named[2607]: client @0xf25c9754 46.21.104.9#50736: received notify for zone 'thulin.info'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client( .*)? [.:[:xdigit:]]+\#[[:digit:]]+: received notify for zone '[-.[:alnum:]]+'
#Mar 13 19:06:05 nada named[1771]: client 95.170.86.14#54781: transfer of 'stiy.com/IN': IXFR ended
#Mar 3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR started
@@ -48,6 +49,9 @@
#Dec 19 17:32:19 nada named[5082]: managed-keys-zone: Active key unexpectedly missing from dlv.isc.org
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: managed-keys-zone: Active key unexpectedly missing from dlv.isc.org
#Feb 5 21:24:45 nada named[2607]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: managed-keys-zone: Key [[:digit:]]+ for zone . is now trusted \(acceptance timer complete\)
#Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: validating [@[:alnum:]]+: . NS: got insecure response; parent indicates it should be secure
@@ -83,4 +87,5 @@
#Oct 28 07:54:13 nada named[368]: client @0xf242cb64 104.180.184.102#80 (.): query failed (REFUSED) for ./IN/RRSIG at query.c:5498
#Oct 28 06:17:36 nada named[368]: client @0xf2443044 205.185.124.172#52570 (pizzaseo.com): query failed (REFUSED) for pizzaseo.com/IN/RRSIG at query.c:5498
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [@[:alnum:]]+ [\#.[:digit:]]+ \([.[:alnum:]]+\):
#Oct 28 18:02:12 nada named[368]: client @0xf243df14 146.88.240.4#52092 (4217e25c.asert-dns-research.com): query failed (REFUSED) for 4217e25c.asert-dns-research.com/IN/A at query.c:5498
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [@[:alnum:]]+ [\#.[:digit:]]+ \([-.[:alnum:]]+\):
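Review bot: The two `client [@[:alnum:]]+ [\#.[:digit:]]+ \(...\):` rules in the last hunk stop at the colon after the query name, so they ignore every named message logged for a client in that form, not only the `query failed (REFUSED)` lines shown in the samples. Any other event named reports with the same prefix (a denied request of another kind, for instance, if it is logged this way) would be dropped from the report as well. Completing the tail keeps the noise reduction and leaves the rest visible: `\([-.[:alnum:]]+\): query failed \(REFUSED\) for [-.[:alnum:]]+/IN/[[:alnum:]]+ at query\.c:[[:digit:]]+$`. The class `[-.[:alnum:]]+` in the last rule is a superset of `[.[:alnum:]]+` in the rule two lines above it, so one of the two is enough; which of them the commit adds cannot be told from this page.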


@@ -41,3 +41,9 @@
#Oct 26 08:07:42 nada opendkim[452]: 19Q67at9009525: s=key1 d=s8.uwentos.ru a=rsa-sha1 SSL
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: s=[-.[:alnum:]]+ d=[-.[:alnum:]]+ a=[-.[:alnum:]]+ SSL
#Feb 6 05:49:41 nada opendkim[11209]: 2164nbMA007755: syntax error: missing parameter(s) in signature data
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: syntax error: missing parameter\(s\) in signature data
#Feb 5 12:34:09 nada opendkim[11209]: 215BY3W7014029: can't parse From: header value ' Administrator'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: can't parse From: header value


@@ -136,11 +136,22 @@
#Oct 28 07:58:37 nada sshd[1041]: error: kex_exchange_identification: Connection closed by remote host
#Oct 28 12:23:29 nada sshd[14913]: error: kex_exchange_identification: read: Connection reset by peer
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: (read: )?Connection (closed|reset) by (remote host|peer)
#Feb 5 10:57:24 nada sshd[10567]: error: kex_exchange_identification: banner line contains invalid characters
#Feb 4 12:47:13 nada sshd[8428]: error: kex_exchange_identification: client sent invalid protocol identifier "0"
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification:
#Feb 5 10:57:24 nada sshd[10567]: banner exchange: Connection from 164.52.24.164 port 40043: invalid format
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: banner exchange:
#Feb 5 10:57:28 nada sshd[10568]: error: kex protocol error: type 30 seq 1 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex protocol error:
#Oct 28 07:58:37 nada sshd[1041]: Connection closed by 141.98.10.82 port 40176
#Oct 28 12:23:29 nada sshd[14913]: Connection reset by 185.73.124.100 port 12384
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by [.:[:digit:]]+ port [[:digit:]]+
#Oct 28 19:58:35 nada sshd[12067]: Connection reset by invalid user 178.73.215.171 port 60178 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by invalid user [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
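Review bot: The three new sshd rules (`error: kex_exchange_identification:`, `banner exchange:` and `error: kex protocol error:`) end at the message prefix and, like the older rules in this file, do not begin with `^`, while the rules in the other files of this commit do. An unanchored, prefix-only pattern matches anywhere in a line, so a log line that merely quotes remote-supplied text containing such a prefix would be ignored as a whole; the Feb 4 sample shows sshd echoing a client-sent identifier, and whether it is escaped is not visible here. Start each rule with `^` and spell out the fixed tail, e.g. `^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: banner exchange: Connection from [.:[:xdigit:]]+ port [[:digit:]]+: invalid format$`. The broad `kex_exchange_identification:` rule also makes the specific `(read: )?Connection (closed|reset)` rule three lines above it redundant.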

16
testlog

@@ -1,5 +1,7 @@
första raden i loggen
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
Oct 28 19:58:35 nada sshd[12067]: Connection reset by invalid user 178.73.215.171 port 60178 [preauth]
Oct 28 18:02:12 nada named[368]: client @0xf243df14 146.88.240.4#52092 (4217e25c.asert-dns-research.com): query failed (REFUSED) for 4217e25c.asert-dns-research.com/IN/A at query.c:5498
Oct 28 10:01:06 nada HORDE: Guest user is not authorized for Mail (Host: msnbot-157-55-39-113.search.msn.com). [pid 30077 on line 324 of "/usr/share/php/Horde/Registry.php"]
Oct 28 10:58:51 nada HORDE: Guest user is not authorized for Horde (Host: 33.bl.bot.semrush.com). [pid 5104 on line 324 of "/usr/share/php/Horde/Registry.php"]
Oct 28 07:54:13 nada named[368]: client @0xf242cb64 104.180.184.102#80 (.): query failed (REFUSED) for ./IN/RRSIG at query.c:5498
@@ -718,7 +720,19 @@ Oct 26 08:02:39 nada opendkim[452]: 19Q62XN9009466: s=dk d=s6.csa2.acemsa2.com a
Oct 26 08:03:24 nada opendkim[452]: 19Q63GTn009473: s=neolane d=email.hm.com a=rsa-sha256 SSL
Oct 26 08:05:29 nada opendkim[452]: 19Q65Jlq009498: s=bedrock d=lrfsamkop.se a=rsa-sha1 SSL
Oct 26 08:07:42 nada opendkim[452]: 19Q67at9009525: s=key1 d=s8.uwentos.ru a=rsa-sha1 SSL
Feb 6 00:50:43 nada opendkim[11209]: 215Nodvf000505: syntax error: missing parameter(s) in signature data
Feb 6 01:00:04 nada named[2607]: client @0xf25c9754 46.21.104.9#50736: received notify for zone 'thulin.info'
Feb 6 01:00:04 nada named[2607]: client @0xf25d1ea4 46.21.104.9#50736: received notify for zone 'lidberg.se'
Feb 6 03:22:50 nada opendkim[11209]: 2162MlIG003947: syntax error: missing parameter(s) in signature data
Feb 6 03:33:13 nada opendkim[11209]: 2162XAh3004159: syntax error: missing parameter(s) in signature data
Feb 6 05:49:41 nada opendkim[11209]: 2164nbMA007755: syntax error: missing parameter(s) in signature data
Feb 5 21:24:45 nada named[2607]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
Feb 5 10:57:24 nada sshd[10567]: error: kex_exchange_identification: banner line contains invalid characters
Feb 5 10:57:24 nada sshd[10567]: banner exchange: Connection from 164.52.24.164 port 40043: invalid format
Feb 5 10:57:28 nada sshd[10568]: error: kex protocol error: type 30 seq 1 [preauth]
Feb 4 12:47:13 nada sshd[8428]: error: kex_exchange_identification: client sent invalid protocol identifier "0"
Feb 5 12:34:09 nada opendkim[11209]: 215BY3W7014029: can't parse From: header value ' Administrator'
Feb 4 21:20:45 nada opendkim[11209]: 214KKdrR021463: syntax error: missing parameter(s) in signature data
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
Aug 23 18:39:24 nada fredrik[1713]: Sista raden