diff --git a/logcheck_ignore b/logcheck_ignore index a9457bb..e9d7445 100644 --- a/logcheck_ignore +++ b/logcheck_ignore @@ -12,8 +12,6 @@ # Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_unix\(dovecot:auth\): check pass; user unknown - - # # CLAMAV # @@ -362,7 +360,8 @@ #May 19 10:39:19 nada sshd(pam_google_authenticator)[18265]: Failed to compute location of secret file #May 19 14:05:07 nada sshd(pam_google_authenticator)[20232]: Did not receive verification code from user #May 19 14:05:17 nada sshd(pam_google_authenticator)[20399]: Invalid verification code -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: (Failed to read \"[/[:alnum:]]+\/.google_authenticator\"|Invalid verification code|Failed to compute location of secret file|Did not receive verification code from user) +#Feb 28 21:45:36 nada sshd(pam_google_authenticator)[26185]: Failed to update secret file "/root/.google_authenticator" +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: (Failed to (read|update) \"[/[:alnum:]]+\/.google_authenticator\"|Invalid verification code|Failed to compute location of secret file|Did not receive verification code from user) # Mar 10 11:12:56 nada sshd[26548]: Received disconnect from 94.102.49.198: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] # Apr 7 05:56:43 kvarnen sshd[2034]: error: Received disconnect from 212.83.191.8: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] @@ -439,8 +438,8 @@ \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=[-.[:alnum:]]+ user=[[:alnum:]]+ - - +#Mar 1 03:03:26 nada sshd[28313]: fatal: Write failed: Broken pipe [preauth] +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe \[preauth\] # diff --git a/testlog b/testlog index 81358fe..f72ca7d 100644 --- a/testlog +++ b/testlog @@ -236,3 +236,4 @@ Mar 1 09:28:37 nada sshd[4919]: Postponed keyboard-interactive/pam for root fro Mar 1 09:28:40 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth] Mar 1 09:28:43 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth] Mar 1 09:29:01 nada sshd[4939]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 58713 ssh2 [preauth] +Mar 1 03:03:26 nada sshd[28313]: fatal: Write failed: Broken pipe [preauth]