fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Några nya rader

Browse Source
This commit is contained in:
Fredrik Wahlberg
2016-04-16 09:03:10 +02:00
parent 4a75f6b7e5
commit c036613b4b
1 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
logcheck_ignore
View File

@@ -7,7 +7,7 @@
# Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215 # Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
# Mar 24 18:13:26 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredmiranda@mc-cabe.com uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141 # Mar 24 18:13:26 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredmiranda@mc-cabe.com uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
# Mar 24 18:13:26 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141 # Mar 24 18:13:26 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_(krb5|unix)\(dovecot:auth\): authentication failure\; logname=([-.@[:alnum:]]+)? uid=[[:digit:]]+ euid=[[:digit:]]+ tty=dovecot ruser=[-.@[:alnum:]]+ rhost=[.:[:xdigit:]]+ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_(krb5|unix)\((dovecot)?:auth\): authentication failure\; logname=([-.@[:alnum:]]+)? uid=[[:digit:]]+ euid=[[:digit:]]+ tty=(dovecot)? ruser=([-.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?
# Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown # Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_unix\(dovecot:auth\): check pass; user unknown ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_unix\(dovecot:auth\): check pass; user unknown
@@ -225,8 +225,16 @@
#Mar 11 16:25:32 nada saslauthd[1732]: do_auth : auth failure: [user=no-reply] [service=smtp] [realm=] [mech=shadow] [reason=Unknown] #Mar 11 16:25:32 nada saslauthd[1732]: do_auth : auth failure: [user=no-reply] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
#Mar 11 16:27:11 nada saslauthd[1732]: do_auth : auth failure: [user=Dr_Gonzo] [service=smtp] [realm=Challenge-UK.com] [mech=shadow] [reason=Unknown] #Mar 11 16:27:11 nada saslauthd[1732]: do_auth : auth failure: [user=Dr_Gonzo] [service=smtp] [realm=Challenge-UK.com] [mech=shadow] [reason=Unknown]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_auth[[:blank:]]+: auth failure: \[user=([-_.@[:alnum:]]+)?\] \[service=smtp\] \[realm=([-_.@[:alnum:]]+)?\] \[mech=shadow\] \[reason=Unknown\] #Apr 13 09:42:29 kvarnen saslauthd[620]: do_auth : auth failure: [user=test] [service=] [realm=] [mech=pam] [reason=PAM auth error]
#Apr 15 19:27:33 nada saslauthd[1732]: do_auth : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_auth[[:blank:]]+: auth failure: \[user=([ -_.@[:alnum:]]+)?\] \[service=(smtp)?\] \[realm=([-_.@[:alnum:]]+)?\] \[mech=(pam|shadow)\] \[reason=(Unknown|PAM auth error)\]
#Apr 13 09:42:28 kvarnen saslauthd[620]: pam_unix(:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: pam_(krb5|unix)\((dovecot)?:auth\): authentication failure\; logname=([-.@[:alnum:]]+)? uid=[[:digit:]]+ euid=[[:digit:]]+ tty=(dovecot)? ruser=([-.@[:alnum:]]+)? rhost=([.:[:xdigit:]]+)?
#Apr 13 09:42:28 kvarnen saslauthd[620]: pam_unix(:auth): check pass; user unknown
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: pam_unix\(:auth\): check pass; user unknown
# #
@@ -240,7 +248,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: ruleset=check_rcpt, arg1=(<)?[-_.@[:alnum:]]+(>)?, relay=[-.[:alnum:]]+ \[[.:[:digit:]]+\] \(may be forged\), reject=550 5.7.1 (<)?[-_.@[:alnum:]]+(>)?... Relaying denied. IP name possibly forged \[[.:[:digit:]]+\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: ruleset=check_rcpt, arg1=(<)?[-_.@[:alnum:]]+(>)?, relay=[-.[:alnum:]]+ \[[.:[:digit:]]+\] \(may be forged\), reject=550 5.7.1 (<)?[-_.@[:alnum:]]+(>)?... Relaying denied. IP name possibly forged \[[.:[:digit:]]+\]
#Mar 9 07:33:07 nada sm-mta[24033]: u296N4QZ024033: collect: premature EOM: Connection reset by [208.87.25.77] #Mar 9 07:33:07 nada sm-mta[24033]: u296N4QZ024033: collect: premature EOM: Connection reset by [208.87.25.77]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: collect: premature EOM: Connection reset by \[[.:[:digit:]]+\] #Apr 15 17:29:00 nada sm-mta[687]: u3FFSq2F000687: collect: premature EOM: Connection reset by 99-198-26-191.cust.wildblue.net
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: collect: premature EOM: Connection reset by (\[)?[-.:[:alnum:]]+(\])?
#Mar 9 07:33:07 nada sm-mta[24033]: u296N4QZ024033: SYSERR(root): collect: I/O error on connection from [208.87.25.77], from=<noc@newwiiindows.com> #Mar 9 07:33:07 nada sm-mta[24033]: u296N4QZ024033: SYSERR(root): collect: I/O error on connection from [208.87.25.77], from=<noc@newwiiindows.com>
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: SYSERR\(root\): collect: I\/O error on connection from \[[.:[:digit:]]+\], from=<[-_.@[:alnum:]]+> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: SYSERR\(root\): collect: I\/O error on connection from \[[.:[:digit:]]+\], from=<[-_.@[:alnum:]]+>
@@ -283,7 +292,11 @@
#Apr 9 09:51:26 nada sm-mta[6169]: u397pP13006169: rejecting commands from [113.240.250.156] [113.240.250.156] due to pre-greeting traffic after 1 seconds #Apr 9 09:51:26 nada sm-mta[6169]: u397pP13006169: rejecting commands from [113.240.250.156] [113.240.250.156] due to pre-greeting traffic after 1 seconds
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: rejecting commands from \[[.[:digit:]]+\] \[[.[:digit:]]+\] due to pre-greeting traffic after [[:digit:]]+ seconds ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: rejecting commands from \[[.[:digit:]]+\] \[[.[:digit:]]+\] due to pre-greeting traffic after [[:digit:]]+ seconds
#Apr 15 10:25:06 nada sm-mta[23906]: u3F8P26J023665: u3F8P66I023906: DSN: Service unavailable
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Service unavailable
#Apr 14 11:05:05 nada sm-mta[15662]: u3E955KV015662: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [-.[:alnum:]]+ \[[.[:digit:]]+\]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\\r\\n
# #
# SPAMD # SPAMD