Ännu fler regler
This commit is contained in:
@@ -172,7 +172,8 @@
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: \[kronolith\] Failed to retrieve remote calendar: url =
|
||||
|
||||
#Apr 2 20:17:48 nada HORDE: User is not authorized for imp [pid 21121 on line 324 of "/usr/share/php/Horde/Registry.php"]
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: User is not authorized for imp
|
||||
#Apr 10 21:18:28 nada HORDE: User is not authorized for horde [pid 28010 on line 324 of "/usr/share/php/Horde/Registry.php"]
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ HORDE: User is not authorized for (imp|horde)
|
||||
|
||||
|
||||
|
||||
@@ -273,6 +274,12 @@
|
||||
#Apr 10 06:49:43 nada named[297]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: automatic empty zone: [.[:alnum:]]+(IN-ADDR|IP6).ARPA
|
||||
|
||||
#Apr 11 06:48:06 nada named[297]: all zones loaded
|
||||
#Apr 11 06:48:06 nada named[297]: running
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (all zones loaded|running)
|
||||
|
||||
#Apr 11 06:48:06 nada rndc[15568]: server reload successful
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rndc\[[[:digit:]]+\]: server reload successful
|
||||
|
||||
|
||||
#
|
||||
@@ -392,6 +399,9 @@
|
||||
#Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS: write error=syscall error \(-1\), errno=32, get_error=error:00000000:lib\(0\):func\(0\):reason\(0\), retry=99, ssl_err=5
|
||||
|
||||
#Apr 10 19:18:06 nada sendmail[17597]: v3AHI6dq017597: Authentication-Warning: nada.wahlberg.se: www-data set sender to katarina@happysthlm.se using -f
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[0-9]+\]: [[:alnum:]]+: Authentication-Warning: nada.wahlberg.se: www-data set sender to [.@[:alnum:]]+ using -f
|
||||
|
||||
|
||||
|
||||
#
|
||||
@@ -439,7 +449,8 @@
|
||||
#Apr 2 18:28:06 nada spamd[12078]: dns: reply to 9869/IN/A/22211110.com truncated (EDNS 4096 bytes), 89 answer records
|
||||
#Apr 2 20:37:14 nada spamd[12078]: dns: reply to 52792/IN/TXT/freemediainternet.com truncated (EDNS 4096 bytes), 2 answer records
|
||||
#Apr 2 21:13:53 nada spamd[12078]: dns: reply to 28509/IN/TXT/bronto.com truncated (EDNS 4096 bytes), 13 answer records
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: reply to [[:digit:]]+\/IN\/(A|TXT)\/[[:alnum:]]+.com truncated \(EDNS 4096 bytes\), [[:digit:]]+ answer records
|
||||
#Apr 11 00:55:11 nada spamd[13608]: dns: reply to 34774/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: reply to [[:digit:]]+\/IN\/(A|TXT)\/[.[:alnum:]]+ truncated \(EDNS 4096 bytes\), [[:digit:]]+ answer records
|
||||
|
||||
#Apr 2 19:45:30 nada spamd[12078]: spamd: result: Y 17 - BAYES_50,DATE_IN_PAST_96_XX,HTML_MESSAGE,MIMEOLE_DIRECT_TO_MX,MISSING_MID,PYZOR_CHECK,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_SBL_CSS,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK scantime=1.8,size=1914,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33068,mid=(unknown),bayes=0.499958,autolearn=no autolearn_force=no
|
||||
#Apr 2 19:49:28 nada spamd[12078]: spamd: result: Y 11 - BAYES_50,DATE_IN_FUTURE_24_48,MISSING_MID,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL_LASTEXT,SPF_HELO_SOFTFAIL,URIBL_DBL_SPAM,URIBL_SBL_A scantime=2.5,size=3208,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39030,mid=(unknown),bayes=0.508483,autolearn=no autolearn_force=no
|
||||
@@ -592,6 +603,20 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth
|
||||
#Oct 13 08:31:17 kvarnen systemd[1]: Started Cleanup of Temporary Directories.
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Started|Starting) Cleanup of Temporary Directories.{1,3}
|
||||
|
||||
#Apr 11 06:47:59 nada systemd: pam_unix(systemd-user:session): session opened for user nobody by (uid=0)
|
||||
#Apr 11 06:48:04 nada systemd: pam_unix(systemd-user:session): session closed for user nobody
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user nobody( by \(uid=0\))?
|
||||
|
||||
|
||||
|
||||
#Apr 11 06:47:59 nada systemd-logind[306]: Existing logind session ID 264242 used by new audit session, ignoring
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Existing logind session ID [[:digit:]]+ used by new audit session, ignoring
|
||||
|
||||
#Apr 11 06:47:59 nada systemd-logind[306]: New session c12 of user nobody.
|
||||
#Apr 11 06:47:59 nada systemd-logind[306]: Removed session c12.
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: (Removed session c12.|New session c12 of user nobody.)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user