Min enga konfigfil förlogcheck

2016-03-11 11:20:04 +01:00
commit c9b927916e
1 changed files with 87 additions and 0 deletions
--- a/87
+++ b/87
@@ -0,0 +1,87 @@
+#
+# DOVECOT
+#
+#Mar  9 07:05:01 nada dovecot: imap(katarina): Connection closed: Connection reset by peer in=2733 out=436379
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([[:alnum:]]+\): Connection closed(: Connection reset by peer)? in=[[:digit:]]+ out=[[:digit:]]+
+
+#Mar  9 16:48:53 nada dovecot: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<birgitta>, method=PLAIN, rip=155.4.128.66, lip=66.23.226.92, TLS, session=<EbCHop8txQCbBIBC>
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap-login: Maximum number of connections from user\+IP exceeded \(mail_max_userip_connections=[[:digit:]]+\): user=<[[:alnum:]]+>, method=PLAIN, rip=[.:[:digit:]]+, lip=[.:[:digit:]]+, TLS, session=<[[:alnum:]]+>
+
+# Mar  8 14:08:09 nada dovecot: imap-login: Disconnected (no auth attempts in 28 secs): user=<>, rip=83.185.81.166, lip=66.23.226.92, TLS handshaking: Disconnected, session=<BNTkRYktuwBTuVGm>
+# Mar  8 14:10:01 nada dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=155.4.128.66, lip=66.23.226.92, TLS: Disconnected, session=<bXSMTIktugCbBIBC>
+# Mar  8 15:42:52 nada dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=141.212.122.129, lip=66.23.226.92, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<M0mYmIotEACN1HqB>
+# Mar  8 09:55:24 nada dovecot: imap-login: Disconnected: Inactivity (no auth attempts in 180 secs): user=<>, rip=213.153.113.1, lip=66.23.226.92, TLS, session=<tGj3vYUtSgDVmXEB>
+#Mar 10 21:31:07 nada dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<katarina>, method=PLAIN, rip=66.23.226.92, lip=66.23.226.92, TLS, session=<qnd3sbctoABCF+Jc>
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected(: Inactivity)? \((auth failed, [[:digit:]]+|no auth) attempts in [[:digit:]]+ secs\): user=<([[:alnum:]]+)?>,( method=PLAIN,)? rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS(, session=<[+/[:alnum:]]+>)?
+
+
+#
+#  MONIT
+#
+#Mar 10 15:21:02 nada monit[5075]: 'localhost' loadavg(5min) of 2.3 matches resource limit [loadavg(5min)>2.0]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ monit\[[[:digit:]]+\]: 'localhost' loadavg\([[:digit:]]+min\) of [.[:digit:]]+ matches resource limit \[loadavg\([[:digit:]]+min\)>[.[:digit:]]+\]
+
+#Mar 10 15:23:02 nada monit[5075]: 'localhost' 'localhost' loadavg(5min) check succeeded [current loadavg(5min)=1.8]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ monit\[[[:digit:]]+\]: 'localhost' 'localhost' loadavg\([[:digit:]]+min\) check succeeded \[current loadavg\([[:digit:]]+min\)=[.[:digit:]]+\]
+
+
+# 
+# NAMED
+#
+#Mar 11 06:34:44 nada named[1771]: received control channel command 'reload'
+#Mar 11 06:34:44 nada named[1771]: reading built-in trusted keys from file '/etc/bind/bind.keys'
+#Mar 11 06:34:44 nada named[1771]: sizing zone task pool based on 21 zones
+#Mar 11 06:34:44 nada named[1771]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones|sizing zone task pool based on [[:digit:]]+ zones|received control channel command 'reload'|reading built-in trusted keys from file '/etc/bind/bind.keys')
+
+#Mar 10 06:43:39 nada named[1771]: client 95.170.86.14#50337: received notify for zone 'happysthlm.com'
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: received notify for zone '[-.[:alnum:]]+'
+
+#Mar 11 06:34:44 nada named[1771]: reloading configuration succeeded
+#Mar 11 06:34:44 nada named[1771]: reloading zones succeeded
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: reloading (configuration|zones) succeeded
+
+#Mar 11 06:34:44 nada named[1771]: using default UDP/IPv4 port range: [1024, 65535]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: using default UDP/IPv(4|6) port range: \[[[:digit:]]+, [[:digit:]]+\]
+
+
+#
+# SM-MTA
+# 
+#Mar  9 07:31:29 nada sm-mta[24919]: u296VPig024919: ruleset=check_rcpt, arg1=<netshopping@sanfo.com>, relay=[75.98.154.125], reject=550 5.7.1 <netshopping@sanfo.com>... Relaying denied. IP name lookup failed [75.98.154.125]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: ruleset=check_rcpt, arg1=<[-_.@[:alnum:]]+>, relay=\[[.:[:digit:]]+\], reject=550 5.7.1 <[-_.@[:alnum:]]+>... Relaying denied. IP name lookup failed \[[.:[:digit:]]+\]
+
+#Mar  9 07:33:07 nada sm-mta[24033]: u296N4QZ024033: collect: premature EOM: Connection reset by [208.87.25.77]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: collect: premature EOM: Connection reset by \[[.:[:digit:]]+\]
+
+#Mar  9 07:33:07 nada sm-mta[24033]: u296N4QZ024033: SYSERR(root): collect: I/O error on connection from [208.87.25.77], from=<noc@newwiiindows.com>
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: SYSERR\(root\): collect: I\/O error on connection from \[[.:[:digit:]]+\], from=<[-_.@[:alnum:]]+>
+
+#
+#  SPAMD
+#
+#Mar  9 15:31:44 nada spamd[27511]: bayes: cannot open bayes databases /var/lib/spamass-milter/.spamassassin/bayes_* R/W: lock failed: File exists
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: bayes: cannot open bayes databases /var/lib/spamass-milter/.spamassassin/bayes_\* R/W: lock failed: File exists
+
+
+#
+# SSHD
+#
+#Mar 10 06:59:17 nada sshd(pam_google_authenticator)[3478]: Failed to read "/bin/.google_authenticator"
+#May 19 10:39:19 nada sshd(pam_google_authenticator)[18265]: Failed to compute location of secret file
+#May 19 14:05:07 nada sshd(pam_google_authenticator)[20232]: Did not receive verification code from user
+#May 19 14:05:17 nada sshd(pam_google_authenticator)[20399]: Invalid verification code
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Failed to compute location of secret file
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Did not receive verification code from user
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Invalid verification code
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Failed to read \"[/[:alnum:]]+\/.google_authenticator\"
+
+
+# Mar 10 11:12:56 nada sshd[26548]: Received disconnect from 94.102.49.198: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
+# Mar  8 12:09:30 nada sshd[26267]: Received disconnect from 199.91.135.158: 3: com.jcraft.jsch.JSchException: reject HostKey: 66.23.226.92 [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 3: com.jcraft.jsch.JSchException: (reject HostKey: [.:[:digit:]]+|Auth fail) \[preauth\]
+
+# Mar 10 21:31:03 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=katarina rhost=66.23.226.92  user=katarina
+# Mar  8 18:05:09 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredrik uid=0 euid=0 tty=dovecot ruser=fredrik rhost=::1
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_(krb5|unix)\(dovecot:auth\): authentication failure\; logname=([[:alnum:]]+)? uid=[[:digit:]]+ euid=[[:digit:]]+ tty=dovecot ruser=[[:alnum:]]+ rhost=[.:[:xdigit:]]+
+