fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Diverse uppdaterade regler

Browse Source
This commit is contained in:
fredrik
2017-03-26 21:22:25 +02:00
parent c287979a0e
commit 9ff928d1d5
3 changed files with 83 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
logcheck_debian
View File

@@ -90,8 +90,8 @@
#Mar 17 06:30:26 kvarnen freshclam[485]: Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Update failed. Your network may be down or none of the mirrors listed in \/etc\/clamav\/freshclam.conf is working. Check http:\/\/www.clamav.net\/doc\/mirrors-faq.html for possible reasons.
#Mar 19 06:47:45 nada clamav-milter: ClamAV: mi_stop=1
\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamav-milter: ClamAV: mi_stop=1
#
@@ -183,7 +183,7 @@
#Mar 11 06:34:44 nada named[1771]: reading built-in trusted keys from file '/etc/bind/bind.keys'
#Mar 11 06:34:44 nada named[1771]: sizing zone task pool based on 21 zones
#Mar 11 06:34:44 nada named[1771]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones|sizing zone task pool based on [[:digit:]]+ zones|received control channel command 'reload'|reading built-in trusted keys from file '/etc/bind/bind.keys')
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones|sizing zone task pool based on [[:digit:]]+ zones|received control channel command 'reload( [.[:alnum:]]+)?'|reading built-in trusted keys from file '/etc/bind/bind.keys')
#Mar 10 06:43:39 nada named[1771]: client 95.170.86.14#50337: received notify for zone 'happysthlm.com'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: received notify for zone '[-.[:alnum:]]+'
@@ -191,7 +191,7 @@
#Mar 13 19:06:05 nada named[1771]: client 95.170.86.14#54781: transfer of 'stiy.com/IN': IXFR ended
#Mar 3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR started
#Mar 3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR ended
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: transfer of '[-.[:alnum:]]+/IN': (IXFR|AXFR-style) (started|ended)
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: transfer of '[-.[:alnum:]]+/IN':( AXFR-style) IXFR (started|ended)
#Mar 11 06:34:44 nada named[1771]: reloading configuration succeeded
#Mar 11 06:34:44 nada named[1771]: reloading zones succeeded
@@ -230,6 +230,10 @@
#Mar 4 15:06:28 marconi named[27570]: client 113.240.250.154#43169: message parsing failed: bad compression pointer
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: message parsing failed: bad compression pointer
#Mar 16 10:33:41 nada named[31321]: zone happysthlm.se/IN: loaded serial 2017031600
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-.[:alnum:]]+/IN: loaded serial [[:digit:]]+
#
# SASLAUTHD
@@ -304,14 +308,22 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: Milter: to=[.@%[:alnum:]]+, reject=451 4.7.1 Greylisting in action, please come back later
#Apr 9 09:51:26 nada sm-mta[6169]: u397pP13006169: rejecting commands from [113.240.250.156] [113.240.250.156] due to pre-greeting traffic after 1 seconds
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: rejecting commands from \[[.[:digit:]]+\] \[[.[:digit:]]+\] due to pre-greeting traffic after [[:digit:]]+ seconds
#Mar 23 19:07:02 nada sm-mta[20228]: v2NI71CW020228: rejecting commands from ec2-35-165-194-208.us-west-2.compute.amazonaws.com [35.165.194.208] due to pre-greeting traffic after 1 seconds
#Mar 23 23:44:38 nada sm-mta[17761]: v2NMibVZ017761: rejecting commands from ecs-160-44-202-130.reverse.open-telekom-cloud.com [160.44.202.130] due to pre-greeting traffic after 1 seconds
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: rejecting commands from (\[[.[:digit:]]+\]|[-.[:alnum:]]+) \[[.[:digit:]]+\] due to pre-greeting traffic after [[:digit:]]+ seconds
#Apr 15 10:25:06 nada sm-mta[23906]: u3F8P26J023665: u3F8P66I023906: DSN: Service unavailable
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Service unavailable
#Mar 17 11:32:29 nada sm-mta[775]: v2HAWQ2g000768: v2HAWT2f000775: DSN: Host unknown (Name server: hgadvokat.se: host not found)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Host unknown \(Name server:
#[-.[:alnum:]]+: host not found\)
#Apr 14 11:05:05 nada sm-mta[15662]: u3E955KV015662: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
#Apr 20 15:10:44 nada sm-mta[5182]: u3KDAiZT005182: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [-.[:alnum:]]+ \[[.[:digit:]]+\]: probable open proxy: command=GET (http://www.ipip.net)?/ HTTP/1.1\\r\\n
#Mar 20 04:00:44 nada sm-mta[21983]: v2K30iPx021983: [180.163.2.117]: probable open proxy: command=GET / HTTP/1.1\r\n
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: ([-.[:alnum:]]+ )?\[[.[:digit:]]+\]: probable open proxy: command=GET (http://www.ipip.net)?/ HTTP/1.1\\r\\n
#Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
@@ -329,7 +341,11 @@
#Mar 6 23:47:37 nada sm-mta[11119]: v26MlObG011113: Fixed MIME Content-Type header field (possible attack)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: Fixed MIME Content-Type header field \(possible attack\)
#Mar 8 07:31:45 nada sm-mta[16598]: v286VitB016598: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: AUTH decode64 error \[-5 for "[=\\[:alnum:]]+"\], relay=\[[.:[:digit:]]+\]
#Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS: write error=syscall error \(-1\), errno=32, get_error=error:00000000:lib\(0\):func\(0\):reason\(0\), retry=99, ssl_err=5
@@ -389,14 +405,16 @@
# Mar 8 12:09:30 nada sshd[26267]: Received disconnect from 199.91.135.158: 3: com.jcraft.jsch.JSchException: reject HostKey: 66.23.226.92 [preauth]
# Feb 28 03:09:57 nada sshd[30462]: Received disconnect from 47.89.188.218: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
#Mar 3 21:19:31 marconi sshd[17576]: error: Received disconnect from 212.83.160.203 port 57458:3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+( port [[:digit:]]+:|: )3: (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException): (reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out|Auth cancel) \[preauth\]
#Mar 19 04:36:45 marconi sshd[26598]: error: Received disconnect from 46.165.220.212 port 52999:13: User request [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+( port [[:digit:]]+:|: )(3|13): (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException|User request)(: )?(reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out|Auth cancel)? \[preauth\]
#Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
#Apr 7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth]
#Apr 3 12:26:03 nada sshd[15236]: Received disconnect from 125.212.232.83: 11: Closed due to user request. [preauth]
#May 14 10:15:47 nada sshd[26005]: Received disconnect from 115.239.230.223: 11: disconnect [preauth]
#Aug 17 10:52:11 nada sshd[24804]: Received disconnect from 89.97.55.33: 11: disconnected by user [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: (disconnect(ed by user)?|ok|Bye|Closed due to user request.) \[preauth\]
#Mar 17 07:29:31 nada sshd[7692]: Received disconnect from 178.162.211.197: 13: User request [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: (11|13): (User request|disconnect(ed by user)?|ok|Bye|Closed due to user request.) \[preauth\]
#Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel [[:digit:]]: open failed: administratively prohibited: open failed
@@ -435,6 +453,9 @@
#May 11 01:17:42 kvarnen sshd[14739]: fatal: Unable to negotiate a key exchange method [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]
#Mar 17 09:44:38 marconi sshd[27920]: fatal: Unable to negotiate with 212.129.20.230 port 51562: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.[:digit:]]+ port [[:alnum:]]+: no matching cipher found. Their offer: .* \[preauth\]
#Apr 27 12:36:56 kvarnen sshd[26293]: Bad protocol version identification 'GET http://clientapi.ipip.net/echo.php?info=20160427185402 HTTP/1.1' from 106.184.2.29 port 7680
#May 13 16:59:50 kvarnen sshd[21380]: Bad protocol version identification '' from 171.13.14.52 port 59637
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '.*' from [.:[:digit:]]+ port [[:digit:]]+
@@ -472,7 +493,10 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth
#Mar 8 03:17:11 nada sshd[23415]: Received disconnect from 91.195.103.166: 11: Client disconnecting normally [preauth]
#Mar 7 19:37:07 nada sshd[9647]: Received disconnect from 91.195.103.173: 11: Client disconnecting normally [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: Client disconnecting normally \[preauth\]
#Mar 9 15:08:55 marconi sshd[25800]: Received disconnect from 61.158.188.21 port 59944:11: ok [preauth]
#Mar 9 15:22:40 marconi sshd[29305]: Received disconnect from 202.163.123.135 port 59164:11: ok [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+(:)? (port [[:digit:]]+:)?11: (Client disconnecting normally|ok) \[preauth\]

16
logcheck_ubuntu
View File

@@ -2,7 +2,7 @@
# BACKUP
#
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ BACKUP:
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ backup\[[[:digit:]]+\]
#
# DBUS
@@ -24,7 +24,8 @@
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCPACK of [.:[:digit:]]+ from [.:[:digit:]]+
#Mar 2 16:25:24 marconi dhclient[22777]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x74f7120)
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCPREQUEST of [.:[:digit:]]+ on enp4s0 to [.:[:digit:]]+ port 67 \(xid\=0x74f7120\)
#Mar 25 02:59:08 marconi dhclient[31370]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x3d70f3bb)
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCPREQUEST of [.:[:digit:]]+ on enp4s0 to [.:[:digit:]]+ port 67 \(xid\=[[:alnum:]]+\)
#Mar 2 16:25:24 marconi nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: new request (1 scripts)
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nm-dispatcher: req:1 'dhcp4-change' \[enp4s0\]: new request \(1 scripts\)
@@ -32,6 +33,14 @@
#Mar 2 16:25:24 marconi nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: start running ordered scripts...
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nm-dispatcher: req:1 'dhcp4-change' \[enp4s0\]: start running ordered scripts...
#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding route to 192.168.1.0/24
#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding default route via 192.168.1.1
#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: removing default route via 192.168.1.1
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpcd\[[[:digit:]]+\]: enp4s0: (adding|removing)( default)? route (via|to) 192.168.?.?(\/24)?
#Mar 25 05:53:41 marconi dhcpcd[2859]: if_route (ADD): File exists
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpcd\[[[:digit:]]+\]: if_route \(ADD\): File exists
@@ -78,7 +87,8 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+ port [.:[:digit:]]+:11: Bye Bye \[preauth\]
#Mar 2 20:33:25 marconi sshd[3723]: fatal: Unable to negotiate with 103.207.39.105 port 59502: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 \[preauth\]
#Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching key exchange method found. Their offer: [-,[:alnum:]]+ \[preauth\]
#Mar 2 20:51:23 marconi sshd[8330]: error: maximum authentication attempts exceeded for invalid user admin from 182.45.153.221 port 54407 ssh2 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [.:[:digit:]]+ ssh2 \[preauth\]

37
testlog
View File

@@ -426,6 +426,43 @@ Mar 6 22:43:34 nada sshd[4306]: Disconnecting: Packet corrupt [preauth]
Mar 6 23:47:37 nada sm-mta[11119]: v26MlObG011113: Fixed MIME Content-Type header field (possible attack)
Mar 8 03:17:11 nada sshd[23415]: Received disconnect from 91.195.103.166: 11: Client disconnecting normally [preauth]
Mar 7 19:37:07 nada sshd[9647]: Received disconnect from 91.195.103.173: 11: Client disconnecting normally [preauth]
Mar 8 07:31:45 nada sm-mta[16598]: v286VitB016598: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 9 05:30:02 marconi backup[1895]: Startar backup av marconi
Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Mar 9 09:18:45 marconi backup[12320]: Jobbet avslutat och alla filer flyttade
Mar 9 15:08:55 marconi sshd[25800]: Received disconnect from 61.158.188.21 port 59944:11: ok [preauth]
Mar 9 15:22:40 marconi sshd[29305]: Received disconnect from 202.163.123.135 port 59164:11: ok [preauth]
OA
Mar 17 07:29:31 nada sshd[7692]: Received disconnect from 178.162.211.197: 13: User request [preauth]
Mar 17 11:32:29 nada sm-mta[775]: v2HAWQ2g000768: v2HAWT2f000775: DSN: Host unknown (Name server: hgadvokat.se: host not found)
Mar 17 09:44:38 marconi sshd[27920]: fatal: Unable to negotiate with 212.129.20.230 port 51562: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]
Mar 16 16:34:12 nada sshd[11591]: input_userauth_request: invalid user [preauth]
Mar 16 10:33:41 nada named[31321]: received control channel command 'reload happysthlm.se'
Mar 16 10:33:41 nada named[31321]: zone happysthlm.se/IN: loaded serial 2017031600
Mar 16 10:33:42 nada named[31321]: client 192.3.61.229#33639: transfer of 'happysthlm.se/IN': AXFR-style IXFR started
Mar 16 10:33:42 nada named[31321]: client 192.3.61.229#33639: transfer of 'happysthlm.se/IN': AXFR-style IXFR ended
Mar 16 11:47:51 nada named[31321]: client 46.162.117.83#39505: transfer of 'happysthlm.se/IN': AXFR-style IXFR started
Mar 16 11:47:51 nada named[31321]: client 46.162.117.83#39505: transfer of 'happysthlm.se/IN': AXFR-style IXFR ended
Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
Mar 15 06:24:30 nada sm-mta[29141]: v2F5OSbF029141: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 15 06:24:51 nada sm-mta[29155]: v2F5OoMX029155: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 15 06:25:13 nada sm-mta[29160]: v2F5PClb029160: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 15 06:25:35 nada sm-mta[29590]: v2F5PYa1029590: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 20 06:54:52 nada sshd[7359]: input_userauth_request: invalid user [preauth]
Mar 20 04:00:44 nada sm-mta[21983]: v2K30iPx021983: [180.163.2.117]: probable open proxy: command=GET / HTTP/1.1\r\n
Mar 19 06:47:45 nada clamav-milter: ClamAV: mi_stop=1
Mar 19 04:36:45 marconi sshd[26598]: error: Received disconnect from 46.165.220.212 port 52999:13: User request [preauth]
Mar 19 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding route to 192.168.1.0/24
Mar 25 05:53:41 marconi dhcpcd[2859]: if_route (ADD): File exists
Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding default route via 192.168.1.1
Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: removing default route via 192.168.1.1
Mar 25 02:59:08 marconi dhclient[31370]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x3d70f3bb)
Mar 24 13:00:11 marconi kernel: [181133.572625] r8169 0000:04:00.0 enp4s0: link up
Mar 24 01:42:10 nada sshd[31304]: input_userauth_request: invalid user [preauth]
Mar 23 19:07:02 nada sm-mta[20228]: v2NI71CW020228: rejecting commands from ec2-35-165-194-208.us-west-2.compute.amazonaws.com [35.165.194.208] due to pre-greeting traffic after 1 seconds
Mar 23 23:44:38 nada sm-mta[17761]: v2NMibVZ017761: rejecting commands from ecs-160-44-202-130.reverse.open-telekom-cloud.com [160.44.202.130] due to pre-greeting traffic after 1 seconds
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
Aug 23 18:39:24 nada fredrik[1713]: Sista raden