From d0adef7f271d286f45b47c6bc594c4d6454e57e1 Mon Sep 17 00:00:00 2001 From: Fredrik Wahlberg Date: Tue, 11 Apr 2017 10:22:32 +0200 Subject: [PATCH] =?UTF-8?q?=C3=84nnu=20fler=20regler?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- logcheck_debian | 29 +++++++++++++++++++++++++++-- testlog | 20 ++++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/logcheck_debian b/logcheck_debian index f95816c..e9d5582 100644 --- a/logcheck_debian +++ b/logcheck_debian @@ -172,7 +172,8 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: \[kronolith\] Failed to retrieve remote calendar: url = #Apr 2 20:17:48 nada HORDE: User is not authorized for imp [pid 21121 on line 324 of "/usr/share/php/Horde/Registry.php"] -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: User is not authorized for imp +#Apr 10 21:18:28 nada HORDE: User is not authorized for horde [pid 28010 on line 324 of "/usr/share/php/Horde/Registry.php"] +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: User is not authorized for (imp|horde) @@ -273,6 +274,12 @@ #Apr 10 06:49:43 nada named[297]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: automatic empty zone: [.[:alnum:]]+(IN-ADDR|IP6).ARPA +#Apr 11 06:48:06 nada named[297]: all zones loaded +#Apr 11 06:48:06 nada named[297]: running +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (all zones loaded|running) + +#Apr 11 06:48:06 nada rndc[15568]: server reload successful +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rndc\[[[:digit:]]+\]: server reload successful # 
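Review bot: Widening the rule to `(imp|horde)` drops every Horde "User is not authorized" line from the report, and the file does not say why these are safe to ignore. Assuming this file is installed as a logcheck ignore list, repeated authorization failures against the webmail front end would no longer surface anywhere visible in this change. If they are known session-expiry noise, say so next to the sample line, for example `# benign: logged when an expired session is reused; failed logins are tracked elsewhere`. If that is not certain, keep the `horde` case reported.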
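Review bot: The new named rule `(all zones loaded|running)` has no end anchor, so the `running` alternative matches any named message that merely starts with that word, not only the exact status line. Ending the two added rules with `$` keeps the suppression to the messages shown in the samples: `(all zones loaded|running)$` and `rndc\[[[:digit:]]+\]: server reload successful$`. The rules added in the sendmail, spamd and systemd hunks are also unanchored at the end and would benefit from the same treatment.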
@@ -392,6 +399,9 @@ #Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS: write error=syscall error \(-1\), errno=32, get_error=error:00000000:lib\(0\):func\(0\):reason\(0\), retry=99, ssl_err=5 +#Apr 10 19:18:06 nada sendmail[17597]: v3AHI6dq017597: Authentication-Warning: nada.wahlberg.se: www-data set sender to katarina@happysthlm.se using -f +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[0-9]+\]: [[:alnum:]]+: Authentication-Warning: nada.wahlberg.se: www-data set sender to [.@[:alnum:]]+ using -f + # 
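Review bot: The added sendmail rule ignores the Authentication-Warning for any sender address, because `[.@[:alnum:]]+` accepts every domain. That warning is the log evidence that a process running as www-data forged an envelope sender with -f, which is what a misused web form or a compromised web application would produce. Pin the rule to the sender the sample shows and escape the dots in the host name: `Authentication-Warning: nada\.wahlberg\.se: www-data set sender to [._[:alnum:]-]+@happysthlm\.se using -f$`. Any other sender set by www-data then still reaches the report.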
@@ -439,7 +449,8 @@ #Apr 2 18:28:06 nada spamd[12078]: dns: reply to 9869/IN/A/22211110.com truncated (EDNS 4096 bytes), 89 answer records #Apr 2 20:37:14 nada spamd[12078]: dns: reply to 52792/IN/TXT/freemediainternet.com truncated (EDNS 4096 bytes), 2 answer records #Apr 2 21:13:53 nada spamd[12078]: dns: reply to 28509/IN/TXT/bronto.com truncated (EDNS 4096 bytes), 13 answer records -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: reply to [[:digit:]]+\/IN\/(A|TXT)\/[[:alnum:]]+.com truncated \(EDNS 4096 bytes\), [[:digit:]]+ answer records +#Apr 11 00:55:11 nada spamd[13608]: dns: reply to 34774/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: reply to [[:digit:]]+\/IN\/(A|TXT)\/[.[:alnum:]]+ truncated \(EDNS 4096 bytes\), [[:digit:]]+ answer records #Apr 2 19:45:30 nada spamd[12078]: spamd: result: Y 17 - BAYES_50,DATE_IN_PAST_96_XX,HTML_MESSAGE,MIMEOLE_DIRECT_TO_MX,MISSING_MID,PYZOR_CHECK,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_SBL_CSS,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK scantime=1.8,size=1914,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33068,mid=(unknown),bayes=0.499958,autolearn=no autolearn_force=no #Apr 2 19:49:28 nada spamd[12078]: spamd: result: Y 11 - BAYES_50,DATE_IN_FUTURE_24_48,MISSING_MID,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL_LASTEXT,SPF_HELO_SOFTFAIL,URIBL_DBL_SPAM,URIBL_SBL_A scantime=2.5,size=3208,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39030,mid=(unknown),bayes=0.508483,autolearn=no autolearn_force=no 
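Review bot: The replacement class `[.[:alnum:]]+` for the queried name omits `-` and `_`, so truncated-reply lines for hyphenated domains will still be reported even though the rule was meant to stop depending on `.com`. The host class already used at the start of the same rule covers them: `\/IN\/(A|TXT)\/[._[:alnum:]-]+ truncated \(EDNS 4096 bytes\), [[:digit:]]+ answer records$`. The rule also still lists only `A` and `TXT`, so other record types will keep showing up; that may be intended.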
@@ -592,6 +603,20 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth #Oct 13 08:31:17 kvarnen systemd[1]: Started Cleanup of Temporary Directories. ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Started|Starting) Cleanup of Temporary Directories.{1,3} +#Apr 11 06:47:59 nada systemd: pam_unix(systemd-user:session): session opened for user nobody by (uid=0) +#Apr 11 06:48:04 nada systemd: pam_unix(systemd-user:session): session closed for user nobody +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user nobody( by \(uid=0\))? + + + +#Apr 11 06:47:59 nada systemd-logind[306]: Existing logind session ID 264242 used by new audit session, ignoring +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Existing logind session ID [[:digit:]]+ used by new audit session, ignoring + +#Apr 11 06:47:59 nada systemd-logind[306]: New session c12 of user nobody. +#Apr 11 06:47:59 nada systemd-logind[306]: Removed session c12. +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: (Removed session c12.|New session c12 of user nobody.) + + diff --git a/testlog b/testlog index 914f50c..3402856 100644 --- a/testlog +++ b/testlog 
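Review bot: The last systemd-logind rule hard-codes the session id `c12` from the sample line, so it matches only that one session and the next session's lines will be reported again. The trailing `.` is also unescaped and the alternatives are unanchored. Generalising the id and anchoring gives `systemd-logind\[[[:digit:]]+\]: (Removed session c[[:digit:]]+\.|New session c[[:digit:]]+ of user nobody\.)$`. Keeping `of user nobody` literal is the right call, since sessions opened for any other account should stay visible.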
@@ -490,6 +490,26 @@ Apr 10 05:59:24 marconi named[7781]: validating cmqpg0nlq5bi4s4ucti6jj2avrd7mh Apr 10 06:49:43 nada named[297]: automatic empty zone: 10.IN-ADDR.ARPA Apr 10 06:49:43 nada named[297]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA Apr 9 22:13:12 nada spamd[15599]: spamd: result: . 4 - BAYES_50,DATE_IN_FUTURE_96_Q,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,MISSING_MID,RP_MATCHES_RCVD,SPF_PASS scantime=2.6,size=11507,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45326,mid=(unknown),bayes=0.485144,autolearn=no autolearn_force=no +Apr 11 00:55:11 nada spamd[13608]: dns: reply to 34774/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records +Apr 11 03:51:10 nada spamd[13608]: dns: reply to 64012/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records +Apr 11 03:51:10 nada spamd[13608]: dns: reply to 15832/IN/A/relayhi3.euro.email truncated (EDNS 4096 bytes), 34 answer records +Apr 11 06:47:59 nada systemd: pam_unix(systemd-user:session): session opened for user nobody by (uid=0) +Apr 11 06:47:59 nada systemd-logind[306]: Existing logind session ID 264242 used by new audit session, ignoring +Apr 11 06:47:59 nada systemd-logind[306]: New session c12 of user nobody. +Apr 11 06:47:59 nada systemd-logind[306]: Removed session c12. 
+Apr 11 06:48:04 nada systemd: pam_unix(systemd-user:session): session closed for user nobody +Apr 11 06:48:06 nada rndc[15568]: server reload successful +Apr 11 06:48:06 nada named[297]: all zones loaded +Apr 11 06:48:06 nada named[297]: running +Apr 10 18:55:12 nada spamd[22038]: dns: reply to 59370/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records +Apr 10 19:14:32 nada HORDE: User is not authorized for horde [pid 20920 on line 324 of "/usr/share/php/Horde/Registry.php"] +Apr 10 19:14:32 nada HORDE: User is not authorized for horde [pid 20920 on line 324 of "/usr/share/php/Horde/Registry.php"] +Apr 10 19:18:06 nada sendmail[17597]: v3AHI6dq017597: Authentication-Warning: nada.wahlberg.se: www-data set sender to katarina@happysthlm.se using -f +Apr 10 20:11:54 nada HORDE: User is not authorized for horde [pid 15446 on line 324 of "/usr/share/php/Horde/Registry.php"] +Apr 10 20:31:42 nada sendmail[24393]: v3AIVgPU024393: Authentication-Warning: nada.wahlberg.se: www-data set sender to katarina@happysthlm.se using -f +Apr 10 21:18:28 nada HORDE: User is not authorized for horde [pid 28010 on line 324 of "/usr/share/php/Horde/Registry.php"] +Apr 10 21:57:16 nada spamd[19842]: dns: reply to 60884/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records +Apr 10 21:57:16 nada spamd[19842]: dns: reply to 43885/IN/A/relayhi3.euro.email truncated (EDNS 4096 bytes), 34 answer records