fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Lite om spamd

Browse Source
This commit is contained in:
fredrik
2023-02-02 15:54:45 +01:00
parent b8f1b5456f
commit ecc31e4403
2 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
logcheck-fw-spam
View File

@@ -23,7 +23,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: child \[[[:digit:]]+\] killed successfully: interrupted, signal 2 \(0002\)
#Mar 26 06:57:05 nada spamd.pid[10050]: spamd: restarting using '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --user-config -d --pidfile=/var/run/spamd.pid'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd.pid\[[0-9]+\]: spamd: restarting using '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --user-config -d --pidfile=/var/run/spamd.pid'
#Feb 2 06:55:41 nada spamd: spamd: restarting using '/usr/sbin/spamd -d --pidfile=/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --user-config'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd(.pid\[[0-9]+\])?: spamd: restarting using
#Mar 9 06:51:00 nada spamassassin.pid --create-prefs --max-children 5 --helper-home-dir --user-config: spamd: restarting using '/usr/sbin/spamd -d --pidfile=/var/run/spamassassin.pid --create-prefs --max-children 5 --helper-home-dir --user-config'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamassassin.pid --create-prefs --max-children 5 --helper-home-dir --user-config: spamd: restarting using
@@ -63,15 +64,16 @@
#Mar 9 06:51:00 nada spamd[29947]: spamd: server socket closed, type IO::Socket::IP
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: server socket closed, type IO::Socket::IP
Mar 9 06:51:04 nada spamd[31055]: spamd: server started on IO::Socket::IP [127.0.0.1]:783 (running version 3.4.0)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: server started on IO::Socket::IP \[127.0.0.1\]:783 \(running version 3.4.0\)
#Mar 9 06:51:04 nada spamd[31055]: spamd: server started on IO::Socket::IP [127.0.0.1]:783 (running version 3.4.0)
#Feb 2 06:55:44 nada spamd[30095]: spamd: server started on IO::Socket::IP [127.0.0.1]:783 (running version 3.4.6)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: server started on IO::Socket::IP \[127.0.0.1\]:783 \(running version [.[:digit:]]+\)
#Mar 9 06:51:02 nada spamd[31055]: zoom: able to use 345/345 'body_0' compiled rules (100%)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: zoom: able to use [[:digit:]]+/[[:digit:]]+ 'body_0' compiled rules \(100%\)
#Nov 16 07:08:09 nada spamd[15284]: util: setuid: ruid=111 euid=111 rgid=65534 65534 egid=65534 65534
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: util: setuid: ruid=111 euid=111 rgid=65534 65534 egid=65534 65534
#Feb 2 06:55:44 nada spamd[30099]: util: setuid: ruid=0 euid=0 rgid=0 egid=0
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: util: setuid:
@@ -83,4 +85,5 @@ Mar 9 06:51:04 nada spamd[31055]: spamd: server started on IO::Socket::IP [127.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: util: setuid: ruid=111 euid=111 rgid=65534 65534 egid=65534 65534
#Oct 28 06:31:02 nada spamd[3181]: prefork: child states: II [... logline repeated 32 times]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: child states: II \[... logline repeated [[:digit:]]+ times\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: child states: II \[... logline repeated [[:digit:]]+ times\]

18
testlog
View File

@@ -743,7 +743,23 @@ Feb 1 15:03:04 nada sm-mta[31865]: STARTTLS=client, relay=mx2.pub.mailpod2-cph3
Feb 1 17:36:00 nada sshd[11797]: error: beginning MaxStartups throttling
Feb 1 17:36:00 nada sshd[11797]: drop connection #8 from [185.187.169.16]:43156 on [66.23.226.92]:22 past MaxStartups
Feb 1 17:38:06 nada sshd[11797]: exited MaxStartups throttling after 00:02:06, 21 connections dropped
Feb 2 06:21:16 nada sshd[11797]: error: beginning MaxStartups throttling
Feb 2 06:21:16 nada sshd[11797]: drop connection #6 from [8.142.110.165]:42344 on [66.23.226.92]:22 past MaxStartups
Feb 2 06:23:53 nada sshd[11797]: exited MaxStartups throttling after 00:02:39, 3 connections dropped
Feb 2 06:27:17 nada sshd[29129]: Connection reset by invalid user sFTPUser 121.138.91.29 port 62397 [preauth]
Feb 2 06:33:53 nada sshd[29299]: Connection reset by invalid user dnsekakf2$$ 115.23.139.186 port 52621 [preauth]
Feb 2 06:55:20 nada runuser: pam_unix(runuser:session): session opened for user debian-spamd(uid=119) by (uid=0)
Feb 2 06:55:20 nada runuser: pam_unix(runuser:session): session closed for user debian-spamd
Feb 2 06:55:41 nada spamd: spamd: restarting using '/usr/sbin/spamd -d --pidfile=/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --user-config'
Feb 2 06:55:44 nada spamd[30099]: util: setuid: ruid=0 euid=0 rgid=0 egid=0
Feb 2 06:55:44 nada spamd[30095]: spamd: server started on IO::Socket::IP [127.0.0.1]:783 (running version 3.4.6)
Feb 2 07:12:52 nada sshd[30636]: Connection reset by invalid user zyfwp 180.56.184.5 port 34852 [preauth]
Feb 2 07:28:55 nada sshd[31081]: Connection reset by invalid user pi 121.141.32.164 port 34881 [preauth]
Feb 2 07:35:27 nada sshd[31310]: Connection reset by invalid user admin 220.118.225.128 port 37353 [preauth]
Feb 2 09:40:32 nada sshd[2620]: Connection reset by invalid user admin 222.119.163.32 port 63680 [preauth]
Feb 2 09:45:58 nada sm-mta[2775]: STARTTLS=client, relay=edu-stockholm-se.mail.protection.outlook.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Feb 2 09:45:59 nada sm-mta[2775]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Feb 2 11:13:00 nada sshd[8118]: Connection reset by invalid user telnet 210.179.113.202 port 34533 [preauth]