Compare commits
4 Commits
65339af1f0
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 21159b1eed | |||
| bc04dc7306 | |||
| 497e2d738a | |||
| 76056b30db |
12
#logcheck-fw-dovecot#
Normal file
12
#logcheck-fw-dovecot#
Normal file
@@ -0,0 +1,12 @@
|
||||
#Oct 25 06:13:28 nada dovecot: imap(fredrik)<24465><CRYxlSXPtyEuOxpv>: Connection closed (LIST finished 0.620 secs ago) in=50 out=4460 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
|
||||
#Oct 25 11:10:57 nada dovecot: imap(cali)<31529><VbkTvSnPOGtU2IAZ>: Connection closed (LIST finished 0.658 secs ago) in=50 out=4627 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
|
||||
#Oct 25 11:11:00 nada dovecot: imap(cali)<31531><bys4vSnPNGtU2IAZ>: Connection closed (UID FETCH finished 0.341 secs ago) in=2206 out=17894 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
|
||||
#Oct 25 16:09:13 nada dovecot: imap(cali)<6202><AQ2/5y3PR2tU2IAZ>: Connection closed (UID FETCH finished 0.248 secs ago) in=1645 out=14821 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
|
||||
#Oct 25 16:12:05 nada dovecot: imap(birgitta)<6236><V/gC8i3PKJmwCoeK>: Connection closed (UID FETCH finished 0.295 secs ago) in=1906 out=15850 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
|
||||
#Oct 25 16:13:00 nada dovecot: imap(fredrik)<6240><99Nk8i3P18suOxpv>: Logged out in=2119 out=386189 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=1 body_bytes=26072
|
||||
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([[:alnum:]]+\)<[[:alnum:]]+><[\/[:alnum:]]+>: (Connection closed|Logged out in).*
|
||||
|
||||
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sendmail\[[[:digit:]]+\]: STARTTLS=client(:|,)
|
||||
|
||||
123
#logcheck-fw-named#
Normal file
123
#logcheck-fw-named#
Normal file
@@ -0,0 +1,123 @@
|
||||
#
|
||||
# NAMED
|
||||
#
|
||||
#Mar 11 06:34:44 nada named[1771]: received control channel command 'reload'
|
||||
#Mar 11 06:34:44 nada named[1771]: reading built-in trusted keys from file '/etc/bind/bind.keys'
|
||||
#Mar 11 06:34:44 nada named[1771]: sizing zone task pool based on 21 zones
|
||||
#Mar 11 06:34:44 nada named[1771]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones|sizing zone task pool based on [[:digit:]]+ zones|received control channel command 'reload( [.[:alnum:]]+)?'|reading built-in trusted keys from file '/etc/bind/bind.keys')
|
||||
|
||||
#Mar 10 06:43:39 nada named[1771]: client 95.170.86.14#50337: received notify for zone 'happysthlm.com'
|
||||
#Feb 6 01:00:04 nada named[2607]: client @0xf25c9754 46.21.104.9#50736: received notify for zone 'thulin.info'
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client( .*)? [.:[:xdigit:]]+\#[[:digit:]]+: received notify for zone '[-.[:alnum:]]+'
|
||||
|
||||
#Mar 13 19:06:05 nada named[1771]: client 95.170.86.14#54781: transfer of 'stiy.com/IN': IXFR ended
|
||||
#Mar 3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR started
|
||||
#Mar 3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR ended
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: transfer of '[-.[:alnum:]]+/IN':( AXFR-style) IXFR (started|ended)
|
||||
|
||||
#Mar 11 06:34:44 nada named[1771]: reloading configuration succeeded
|
||||
#Mar 11 06:34:44 nada named[1771]: reloading zones succeeded
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: reloading (configuration|zones) succeeded
|
||||
|
||||
#Mar 11 06:34:44 nada named[1771]: using default UDP/IPv4 port range: [1024, 65535]
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: using default UDP/IPv(4|6) port range: \[[[:digit:]]+, [[:digit:]]+\]
|
||||
|
||||
#Mar 13 19:02:30 kvarnen named[8896]: transfer of 'acroyoga.se/IN' from 66.23.226.92#53: Transfer completed: 0 messages, 0 records, 0 bytes, 127.193 secs (0 bytes/sec)
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: transfer of '[-.[:alnum:]]+/IN' from [.[:digit:]]+#[[:digit:]]+: Transfer completed: [[:digit:]]+ messages, [[:digit:]]+ records, [[:digit:]]+ bytes, [.[:digit:]]+ secs \([[:digit:]]+ bytes/sec\)
|
||||
|
||||
#Mar 21 05:58:39 kvarnen named[8896]: transfer of 'happysthlm.se/IN' from 66.23.226.92#53: connected using 95.170.86.14#33872
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: transfer of '[-.[:alnum:]]+/IN' from [.[:digit:]]+#[[:digit:]]+: connected using [.[:digit:]]+#[[:digit:]]+
|
||||
|
||||
#Mar 21 05:58:32 kvarnen named[8896]: zone happysthlm.se/IN: refresh: retry limit for master 66.23.226.92#53 exceeded (source 0.0.0.0#0)
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-.[:alnum:]]+/IN: refresh: retry limit for master [.[:digit:]]+#[[:digit:]]+ exceeded \(source [.[:digit:]]+#[[:digit:]]+\)
|
||||
|
||||
#Mar 16 21:43:05 kvarnen named[8896]: master 66.23.226.92#53 (source 0.0.0.0#0) deleted from unreachable cache
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: master [.[:digit:]]+#[[:digit:]]+ \(source [.[:digit:]]+#[[:digit:]]+\) deleted from unreachable cache
|
||||
|
||||
#Mar 24 02:08:41 nada named[5002]: client 192.42.132.103#45345: notify question section contains no SOA
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: notify question section contains no SOA
|
||||
|
||||
#Mar 26 21:45:26 nada named[5002]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
|
||||
#Apr 2 22:17:28 nada named[300]: managed-keys-zone: No DNSKEY RRSIGs found for '.': succes
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: managed-keys-zone( ./IN)?: No DNSKEY RRSIGs found for '.': success
|
||||
|
||||
#Apr 2 22:49:14 nada named[5002]: managed-keys-zone ./IN: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
|
||||
#Apr 13 16:22:06 nada named[296]: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: managed-keys-zone( ./IN)?: Unable to fetch DNSKEY set '[.[:alnum:]]+': SERVFAIL
|
||||
|
||||
#Dec 19 17:32:19 nada named[5082]: managed-keys-zone: Active key unexpectedly missing from dlv.isc.org
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: managed-keys-zone: Active key unexpectedly missing from dlv.isc.org
|
||||
|
||||
#Feb 5 21:24:45 nada named[2607]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: managed-keys-zone: Key [[:digit:]]+ for zone . is now trusted \(acceptance timer complete\)
|
||||
|
||||
|
||||
#Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
|
||||
#Jan 22 00:09:11 nada named[5354]: validating ns2.ninjashost.net.br/A: got insecure response; parent indicates it should be secure
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: validating [.@\/[:alnum:]]+(: . NS)?: got insecure response; parent indicates it should be secure
|
||||
|
||||
#Apr 10 05:59:24 marconi named[7781]: validating formelracing.se/SOA: no valid signature found
|
||||
#Apr 10 05:59:24 marconi named[7781]: validating formelracing.se/A: no valid signature found
|
||||
#Apr 10 05:59:24 marconi named[7781]: validating cmqpg0nlq5bi4s4ucti6jj2avrd7mhtj.formelracing.se/NSEC3: no valid signature found
|
||||
#Dec 2 12:09:09 nada named[256]: validating shsye.org/NS: no valid signature found
|
||||
#Dec 2 12:09:09 nada named[256]: validating 20150901._domainkey.smgrid.com/NSEC: no valid signature found
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]:[[:space:]]+validating [-_.[:alnum:]]+/[[:alnum:]]+: no valid signature found
|
||||
|
||||
#Mar 3 18:03:34 marconi named[27570]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: Transfer status: success
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: transfer of '[-.[:alnum:]]+/IN' from [#.[:digit:]]+: Transfer status: success
|
||||
|
||||
#Mar 4 15:06:28 marconi named[27570]: client 113.240.250.154#43169: message parsing failed: bad compression pointer
|
||||
#Apr 20 20:40:11 marconi named[11602]: client 125.64.94.201#52717: message parsing failed: bad label type
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: message parsing failed: bad (compression pointer|label type)
|
||||
|
||||
#Mar 16 10:33:41 nada named[31321]: zone happysthlm.se/IN: loaded serial 2017031600
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-.[:alnum:]]+/IN: loaded serial [[:digit:]]+
|
||||
|
||||
#Apr 10 06:49:43 nada named[297]: automatic empty zone: 10.IN-ADDR.ARPA
|
||||
#Apr 10 06:49:43 nada named[297]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: automatic empty zone: [.[:alnum:]]+(IN-ADDR|IP6).ARPA
|
||||
|
||||
#Apr 11 06:48:06 nada named[297]: all zones loaded
|
||||
#Apr 11 06:48:06 nada named[297]: running
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (all zones loaded|running)
|
||||
|
||||
#Apr 11 06:48:06 nada rndc[15568]: server reload successful
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rndc\[[[:digit:]]+\]: server reload successful
|
||||
|
||||
#Apr 13 00:24:51 marconi named[7781]: DNS format error from 8.8.8.8#53 resolving slashdot.org/DS: Name . (SOA) not subdomain of zone org -- invalid response
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: DNS format error from [\#.[:digit:]]+ resolving [-_.[:alnum:]]+/DS: Name . \(SOA\) not subdomain of zone org -- invalid response
|
||||
|
||||
#Oct 28 07:54:13 nada named[368]: client @0xf242cb64 104.180.184.102#80 (.): query failed (REFUSED) for ./IN/RRSIG at query.c:5498
|
||||
#Oct 28 06:17:36 nada named[368]: client @0xf2443044 205.185.124.172#52570 (pizzaseo.com): query failed (REFUSED) for pizzaseo.com/IN/RRSIG at query.c:5498
|
||||
#Oct 28 18:02:12 nada named[368]: client @0xf243df14 146.88.240.4#52092 (4217e25c.asert-dns-research.com): query failed (REFUSED) for 4217e25c.asert-dns-research.com/IN/A at query.c:5498
|
||||
#Dec 2 12:09:09 nada named[256]: client @0xf25d0a70 127.0.0.1#33754 (mail._domainkey.ahrenbecks.se): query failed (failure) for mail._domainkey.ahrenbecks.se/IN/A at query.c:7465
|
||||
#Jan 20 19:12:46 nada named[256]: client @0xf20be340 45.148.10.241#23353 (e\003co): query failed (REFUSED) for e\003co/IN/ANY at query.c:5560
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [@[:alnum:]]+ [\#.[:digit:]]+ \([-_.\\[:alnum:]]+\):
|
||||
|
||||
#Feb 2 14:16:36 nada named[11745]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'
|
||||
|
||||
|
||||
#Dec 1 18:09:32 nada named[256]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
|
||||
#Dec 1 00:38:25 nada named[256]: checkhints: l.root-servers.net/AAAA (2001:500:3::42) extra record in hints
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: checkhints: [-_.[:alnum:]]+/[[:alnum:]]+
|
||||
|
||||
|
||||
#Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: signer "fredrik.wahlberg.se" approved
|
||||
#Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: updating zone 'wahlberg.se/IN': deleting rrset at 'casanegra.wahlberg.se' A
|
||||
#Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: updating zone 'wahlberg.se/IN': adding an RR at 'casanegra.wahlberg.se' A 155.4.86.220
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [@[:alnum:]]+ [\#.[:digit:]]+/key fredrik.wahlberg.se
|
||||
|
||||
#Jan 20 06:09:13 nada named[256]: skipping nameserver 'ns2.seotraininghut.com' because it is a CNAME, while resolving 'root._domainkey.bbchempack.com/A'
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: skipping nameserver
|
||||
|
||||
#Jun 8 01:01:04 nada nscd: 28428 den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nscd: [[:digit:]]+ den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
|
||||
#May 17 14:53:36 nada named[5062]: missing expected cookie from 211.216.50.150#53
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: missing expected cookie from [#.[:digit:]]+
|
||||
|
||||
#May 17 19:22:07 nada named[5062]: clients-per-query decreased to 27
|
||||
#May 17 19:42:07 nada named[5062]: clients-per-query decreased to 26
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: clients-per-query decreased to [[:digit:]]+
|
||||
@@ -111,3 +111,15 @@
|
||||
|
||||
#Jan 20 06:09:13 nada named[256]: skipping nameserver 'ns2.seotraininghut.com' because it is a CNAME, while resolving 'root._domainkey.bbchempack.com/A'
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: skipping nameserver
|
||||
|
||||
#Jun 8 01:01:04 nada nscd: 28428 den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nscd: [[:digit:]]+ den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
|
||||
#May 17 14:53:36 nada named[5062]: missing expected cookie from 211.216.50.150#53
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: missing expected cookie from [#.[:digit:]]+
|
||||
|
||||
#May 17 19:22:07 nada named[5062]: clients-per-query decreased to 27
|
||||
#May 17 19:42:07 nada named[5062]: clients-per-query decreased to 26
|
||||
#May 22 16:02:49 nada named[5062]: clients-per-query increased to 30
|
||||
May 22 17:01:48 nada named[5062]: clients-per-query increased to 33#
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: clients-per-query (in|de)creased to [[:digit:]]+
|
||||
|
||||
@@ -10,4 +10,7 @@
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: (do_auth)?[[:blank:]]+: auth failure: \[user=([[:print:]]+)?\] \[service=(smtp)?\] \[realm=([[:print:]]+)?\] \[mech=(pam|shadow)\] \[reason=(Unknown|PAM auth error|Invalid username|Incorrect password)\]
|
||||
|
||||
#Oct 26 09:44:50 nada saslauthd[275]: : NULL password received
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: (do_auth)?[[:blank:]]+: NULL password received
|
||||
#May 16 23:23:44 nada saslauthd[18364]: : NULL login received
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: (do_auth)?[[:blank:]]+: NULL (password|login) received
|
||||
|
||||
|
||||
|
||||
@@ -90,3 +90,8 @@
|
||||
#Feb 3 06:44:29 nada runuser: pam_unix(runuser:session): session opened for user debian-spamd(uid=119) by (uid=0)
|
||||
#Feb 3 06:44:29 nada runuser: pam_unix(runuser:session): session closed for user debian-spamd
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ runuser: pam_unix\(runuser:session\): session (closed|opened) for user debian-spamd
|
||||
|
||||
#Mar 20 18:03:13 nada pyspf-milter[30540]: connect from aws-45.mta.apsis1.com at ('185.64.73.45', 54529) EXTERNAL
|
||||
#Mar 20 18:06:37 nada pyspf-milter[30540]: connect from s1-b441.socketlabs.email-od.com at ('142.0.180.65', 49374) EXTERNAL
|
||||
#Mar 20 18:08:44 nada pyspf-milter[30540]: connect from [111.26.95.254] at ('111.26.95.254', 44678) EXTERNAL
|
||||
\w{3} [ :0-9]{11} [._[:alnum:]-]+ pyspf-milter\[[0-9]+\]: connect from
|
||||
114
logcheck_debian
114
logcheck_debian
@@ -410,3 +410,117 @@
|
||||
#Jan 22 00:01:04 nada nscd: 271 den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nscd: 271 den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
|
||||
#May 17 21:16:19 nada sm-mta[13757]: 64HJGGtv013757: Milter: data, reject=554 5.7.1 Spam message rejected
|
||||
#May 17 21:16:28 nada sm-mta[13759]: 64HJGQIQ013759: Milter: data, reject=554 5.7.1 Spam message rejected
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: Milter: data, reject=451 4.3.2 Please try again later
|
||||
|
||||
#Apr 9 09:51:26 nada sm-mta[6169]: u397pP13006169: rejecting commands from [113.240.250.156] [113.240.250.156] due to pre-greeting traffic after 1 seconds
|
||||
#Mar 23 19:07:02 nada sm-mta[20228]: v2NI71CW020228: rejecting commands from ec2-35-165-194-208.us-west-2.compute.amazonaws.com [35.165.194.208] due to pre-greeting traffic after 1 seconds
|
||||
#Mar 23 23:44:38 nada sm-mta[17761]: v2NMibVZ017761: rejecting commands from ecs-160-44-202-130.reverse.open-telekom-cloud.com [160.44.202.130] due to pre-greeting traffic after 1 seconds
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: rejecting commands from (\[[.[:digit:]]+\]|[-.[:alnum:]]+) \[[.[:digit:]]+\] due to pre-greeting traffic after [[:digit:]]+ seconds
|
||||
|
||||
#Apr 15 10:25:06 nada sm-mta[23906]: u3F8P26J023665: u3F8P66I023906: DSN: Service unavailable
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Service unavailable
|
||||
|
||||
#Mar 17 11:32:29 nada sm-mta[775]: v2HAWQ2g000768: v2HAWT2f000775: DSN: Host unknown (Name server: hgadvokat.se: host not found)
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Host unknown \(Name server:
|
||||
#[-.[:alnum:]]+: host not found\)
|
||||
|
||||
|
||||
#Apr 14 11:05:05 nada sm-mta[15662]: u3E955KV015662: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
|
||||
#Apr 20 15:10:44 nada sm-mta[5182]: u3KDAiZT005182: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
|
||||
#Mar 20 04:00:44 nada sm-mta[21983]: v2K30iPx021983: [180.163.2.117]: probable open proxy: command=GET / HTTP/1.1\r\n
|
||||
#Apr 12 15:05:34 nada sm-mta[20644]: v3CD5WoV020644: [60.191.40.195]: probable open proxy: command=GET / HTTP/1.0\r\n
|
||||
#Jan 20 20:45:31 nada sm-mta[27401]: 40KJjVOo027401: ec2-13-40-30-39.eu-west-2.compute.amazonaws.com [13.40.30.39]: probable open proxy: command=GET /logon.htm HTTP/1.1\r\n
|
||||
#Jan 20 20:50:45 nada sm-mta[27482]: 40KJojHp027482: ec2-13-40-30-39.eu-west-2.compute.amazonaws.com [13.40.30.39]: probable open proxy: command=GET /login.jsp HTTP/1.1\r\n
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: .*: probable open proxy: command=GET (http://www.ipip.net)?/ HTTP/1.(0|1)\\r\\n
|
||||
|
||||
#Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
|
||||
|
||||
#Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client: 7813:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:757:
|
||||
#Oct 24 17:54:12 nada sm-mta[11900]: STARTTLS=client: 11900:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:757:
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client: [[:digit:]]+:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:757:
|
||||
|
||||
#Oct 24 06:04:11 nada sm-mta[7813]: ruleset=tls_server, arg1=SOFTWARE, relay=mail.adlibris.com, reject=403 4.7.0 TLS handshake failed.
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: ruleset=tls_server, arg1=SOFTWARE, relay=[.[:alnum:]]+, reject=403 4.7.0 TLS handshake failed.
|
||||
|
||||
#Mar 4 09:14:31 nada sm-mta[25219]: v248EUKL025219: AUTH decode64 error [-5 for "Y2FzdG9yQHdhaGxiZXJnLnNlAGNhc3RvckB3YWhsYmVyZy5zZQBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: AUTH decode64 error \[-5 for "Y2FzdG9yQHdhaGxiZXJnLnNlAGNhc3RvckB3YWhsYmVyZy5zZQBwb2tlbW9uDQ==\\r"\], relay=\[[.:[:digit:]]+\]
|
||||
|
||||
#Mar 6 23:47:37 nada sm-mta[11119]: v26MlObG011113: Fixed MIME Content-Type header field (possible attack)
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: Fixed MIME Content-Type header field \(possible attack\)
|
||||
|
||||
#Mar 8 07:31:45 nada sm-mta[16598]: v286VitB016598: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: AUTH decode64 error \[-5 for "[=\\[:alnum:]]+"\], relay=\[[.:[:digit:]]+\]
|
||||
|
||||
#Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
|
||||
#Sep 12 10:27:41 nada sm-mta[4522]: STARTTLS: read error=syscall error (-1), errno=104, get_error=error:00000000:lib(0):func(0):reason(0), retry=1, ssl_err=5
|
||||
#Sep 8 20:49:21 nada sm-mta[14243]: STARTTLS: read error=syscall error (-1), errno=110, get_error=error:00000000:lib(0):func(0):reason(0), retry=1, ssl_err=5
|
||||
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS: (read|write) error=syscall error \(-1\), errno=[[:digit:]]+, get_error=error:00000000:lib\(0\):func\(0\):reason\(0\), retry=(1|99), ssl_err=5
|
||||
|
||||
#Apr 10 19:18:06 nada sendmail[17597]: v3AHI6dq017597: Authentication-Warning: nada.wahlberg.se: www-data set sender to katarina@happysthlm.se using -f
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[0-9]+\]: [[:alnum:]]+: Authentication-Warning: nada.wahlberg.se: www-data set sender to [.@[:alnum:]]+ using -f
|
||||
|
||||
|
||||
|
||||
#
|
||||
# SUHOSIN
|
||||
#
|
||||
|
||||
#Mar 11 21:08:21 nada suhosin[30831]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '91.121.230.152', file '/home/happysthlm/www.happysthlm.se/wp/xmlrpc.php')
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - dropped [[:digit:]]+ request variables - \([[:digit:]]+ in GET, [[:digit:]]+ in POST, [[:digit:]]+ in COOKIE\) \(attacker '[.[:digit:]]+', file '.*'\)
|
||||
|
||||
#Mar 11 21:10:17 nada suhosin[30832]: ALERT - configured request variable name length limit exceeded - dropped variable
|
||||
#Aug 23 06:06:16 nada suhosin[4003]: ALERT - configured GET variable value length limit exceeded - dropped variable 'page' (attacker '216.172.189.152', file '/home/fredrik/www.wahlis.com/dnsupdate/man.php')
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - configured (GET|request) variable (value|name) length limit exceeded - dropped variable
|
||||
|
||||
#Apr 19 21:14:31 nada suhosin[28060]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'file' (attacker '62.210.203.159', file '/home/happysthlm/www.happysthlm.se/index.php')
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'file' \(attacker '[.[:digit:]]+', file '.*'\)
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Systemd
|
||||
#
|
||||
|
||||
#Oct 13 08:31:17 kvarnen systemd[1]: Starting Cleanup of Temporary Directories...
|
||||
#Oct 13 08:31:17 kvarnen systemd[1]: Started Cleanup of Temporary Directories.
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Started|Starting) Cleanup of Temporary Directories.{1,3}
|
||||
|
||||
#Apr 11 06:47:59 nada systemd: pam_unix(systemd-user:session): session opened for user nobody by (uid=0)
|
||||
#Apr 11 06:48:04 nada systemd: pam_unix(systemd-user:session): session closed for user nobody
|
||||
#Apr 18 17:29:30 nada systemd: pam_unix(systemd-user:session): session opened for user petter by (uid=0)
|
||||
#Apr 18 17:33:38 nada systemd: pam_unix(systemd-user:session): session closed for user petter
|
||||
#Apr 11 15:12:51 nada systemd: pam_unix(systemd-user:session): session closed for user fredrik
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user (nobody|fredrik|petter)( by \(uid=0\))?
|
||||
|
||||
|
||||
|
||||
#Apr 11 06:47:59 nada systemd-logind[306]: Existing logind session ID 264242 used by new audit session, ignoring
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Existing logind session ID [[:digit:]]+ used by new audit session, ignoring
|
||||
|
||||
#Apr 11 06:47:59 nada systemd-logind[306]: New session c12 of user nobody.
|
||||
#Apr 11 06:47:59 nada systemd-logind[306]: Removed session c12.
|
||||
#Apr 11 10:58:01 nada systemd-logind[306]: New session c14 of user fredrik.
|
||||
#Apr 11 11:04:24 nada systemd-logind[306]: New session c15 of user fredrik.
|
||||
#Apr 18 17:29:30 nada systemd-logind[305]: New session c36 of user petter.
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: (Removed session [[:alnum:]]+.|New session [[:alnum:]]+ of user (nobody|fredrik|petter).)
|
||||
|
||||
|
||||
#Jan 20 08:06:05 nada dbus-daemon[240]: [system] Reloaded configuration
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dbus-daemon\[[[:digit:]]+\]: \[system\] Reloaded configuration
|
||||
|
||||
|
||||
#Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ fredrik\[[[:digit:]]+\]: Kontrollrad. Syns detta har vi problem...
|
||||
|
||||
#Jan 22 00:01:04 nada nscd: 271 den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nscd: 271 den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
|
||||
#May 17 21:16:19 nada sm-mta[13757]: 64HJGGtv013757: Milter: data, reject=554 5.7.1 Spam message rejected
|
||||
#May 17 21:16:28 nada sm-mta[13759]: 64HJGQIQ013759: Milter: data, reject=554 5.7.1 Spam message rejected
|
||||
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: Milter: data, reject=554 5.7.1 Spam message rejected
|
||||
|
||||
|
||||
|
||||
12
testlog
12
testlog
@@ -791,6 +791,18 @@ Mar 31 19:21:30 nada sshd[18955]: Disconnected from invalid user 212.70.149.150
|
||||
Mar 31 20:28:36 nada sshd[21092]: Disconnected from invalid user 212.70.149.150 port 28708 [preauth]
|
||||
Jan 22 00:01:04 nada nscd: 271 den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
Jan 22 00:09:11 nada named[5354]: validating ns2.ninjashost.net.br/A: got insecure response; parent indicates it should be secure
|
||||
Jun 8 01:01:04 nada nscd: 28428 den övervakade filen ”/etc/resolv.conf” var moved into place, lägger till vakt
|
||||
Mar 20 18:03:13 nada pyspf-milter[30540]: connect from aws-45.mta.apsis1.com at ('185.64.73.45', 54529) EXTERNAL
|
||||
Mar 20 18:06:37 nada pyspf-milter[30540]: connect from s1-b441.socketlabs.email-od.com at ('142.0.180.65', 49374) EXTERNAL
|
||||
Mar 20 18:08:44 nada pyspf-milter[30540]: connect from [111.26.95.254] at ('111.26.95.254', 44678) EXTERNAL
|
||||
May 17 19:22:07 nada named[5062]: clients-per-query decreased to 27
|
||||
May 17 19:42:07 nada named[5062]: clients-per-query decreased to 26
|
||||
May 17 21:16:19 nada sm-mta[13757]: 64HJGGtv013757: Milter: data, reject=554 5.7.1 Spam message rejected
|
||||
May 17 21:16:28 nada sm-mta[13759]: 64HJGQIQ013759: Milter: data, reject=554 5.7.1 Spam message rejected
|
||||
May 17 14:53:36 nada named[5062]: missing expected cookie from 211.216.50.150#53
|
||||
May 16 23:23:44 nada saslauthd[18364]: : NULL login received
|
||||
May 22 16:02:49 nada named[5062]: clients-per-query increased to 30
|
||||
May 22 17:01:48 nada named[5062]: clients-per-query increased to 33
|
||||
|
||||
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
|
||||
Aug 23 18:39:24 nada fredrik[1713]: Sista raden
|
||||
|
||||
Reference in New Issue
Block a user