fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Nya regler för Debian 11

Browse Source
This commit is contained in:
fredrik
2021-10-28 08:21:27 +02:00
parent 526a7c8c97
commit ae1b9291dc
5 changed files with 75 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
logcheck_debian
View File

@@ -8,7 +8,8 @@
# Mar 24 18:13:26 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredmiranda@mc-cabe.com uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
# Mar 24 18:13:26 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
# Mar 7 21:39:47 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=jras_81 uid=0 euid=0 tty=dovecot ruser=jras_81 rhost=177.101.130.43
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_(krb5|unix)\((dovecot)?:auth\): authentication failure\; logname=([_-.@[:alnum:]]+)? uid=[[:digit:]]+ euid=[[:digit:]]+ tty=(dovecot)? ruser=([_-.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_(krb5|unix)\((dovecot)?:auth\): authentication failure
#\; logname=([_-.@[:alnum:]]+)? uid=[[:digit:]]+ euid=[[:digit:]]+ tty=(dovecot)? ruser=([_-.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?
# Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_unix\(dovecot:auth\): check pass; user unknown
@@ -331,41 +332,6 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: DNS format error from [\#.[:digit:]]+ resolving [-_.[:alnum:]]+/DS: Name . \(SOA\) not subdomain of zone org -- invalid response
#
# OPENDKIM
#
#Sep 14 02:16:29 nada opendkim[21955]: x8E0GOqX026235: mta15.achatdesoffres.be [149.202.159.102] not internal
#Sep 14 02:20:37 nada opendkim[21955]: x8E0KXlB026281: [194.36.142.89] [194.36.142.89] not internal
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: ([-._[:alnum:]]+|\[[.[:digit:]]+\]) \[[.[:digit:]]+\] not internal
#Sep 14 02:16:29 nada opendkim[21955]: x8E0GOqX026235: not authenticated
#Sep 14 10:10:49 nada opendkim[21955]: x8E8AjNd008607: no signature data
#Sep 15 09:59:26 nada opendkim[21955]: x8F7xMhM010212: bad signature data
#Sep 14 11:30:22 nada opendkim[21955]: x8E9UENg009655: failed to parse Authentication-Results: header field
#Sep 15 13:25:02 nada opendkim[21955]: x8FBOtch014266: failed to parse authentication-results: header field
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: (not authenticated|(bad|no) signature data|failed to parse [aA]uthentication-[rR]esults: header field)
#Sep 14 02:16:32 nada opendkim[21955]: x8E0GOqX026235: s=default d=achatdesoffres.be SSL
#Sep 14 11:30:25 nada opendkim[21955]: x8E9UENg009655: s=selector2-synsam-onmicrosoft-com d=synsam.onmicrosoft.com SSL
#Sep 14 13:12:07 nada opendkim[21955]: x8EBC3io011931: s=d2048-201806-01 d=linkedin.com SSL
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: s=[-._[:alnum:]]+ d=[-._[:alnum:]]+ SSL
#Sep 14 09:09:27 nada opendkim[21955]: x8E79KnS021433: message has signatures from duolingo.com, amazonses.com
#Sep 14 13:12:07 nada opendkim[21955]: x8EBC3io011931: message has signatures from linkedin.com, maile.linkedin.com
#Sep 14 13:47:35 nada opendkim[21955]: x8EBlUbo012372: message has signatures from dezeen.com, cmail2.com
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: message has signatures from [-._[:alnum:]]+, [-._[:alnum:]]+
#Sep 14 14:49:02 nada opendkim[21955]: x8ECmqeD013147: key retrieval failed (s=s1, d=autopay.io): 's1._domainkey.autopay.io' query timed out
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: key retrieval failed.*$
#Sep 14 02:16:32 nada sm-mta[26235]: x8E0GOqX026235: Milter insert (1): header: Authentication-Results: nada.wahlberg.se; dkim=pass\n\treason="1024-bit key; unprotected key"\n\theader.d=achatdesoffres.be header.i=@achatdesoffres.be\n\theader.b=IesLqRjT; dkim-adsp=pass; dkim-atps=neutral
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sm-mta\[[[:digit:]]+\]: [[:alnum:]]+: Milter insert.*$
#Nov 20 09:20:12 nada opendkim[504]: xAK8K5B8032017: no signing table match for 'gregory@mc-cabe.com'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: no signing table match for '.*'
#
# SASLAUTHD
#