fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
fa2f30e7c51309d183d35c59ef5b7b12d420af22
logcheck/logcheck_ubuntu
Fredrik Wahlberg fa2f30e7c5 Lade till mosquitto
2017-08-09 09:40:48 +02:00

213 lines
11 KiB
Plaintext
Raw Blame History

#
# BACKUP
#
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ BACKUP:
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ backup\[[[:digit:]]+\]
#
# DBUS
#
#Mar 2 16:25:24 marconi dbus[1185]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
#Mar 2 16:25:24 marconi dbus[1185]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
# CATCH ALL
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dbus\[[[:digit:]]+\]: \[system\]
#
# DHCP
#
#Mar 2 16:25:24 marconi dhclient[22777]: bound to 192.168.1.118 -- renewal in 30618 seconds.
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: bound to [.:[:digit:]]+ -- renewal in [[:digit:]]+ seconds.
#Mar 2 16:25:24 marconi dhclient[22777]: DHCPACK of 192.168.1.118 from 192.168.1.1
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCPACK of [.:[:digit:]]+ from [.:[:digit:]]+
#Mar 2 16:25:24 marconi dhclient[22777]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x74f7120)
#Mar 25 02:59:08 marconi dhclient[31370]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x3d70f3bb)
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCPREQUEST of [.:[:digit:]]+ on enp4s0 to [.:[:digit:]]+ port 67 \(xid\=[[:alnum:]]+\)
#Mar 2 16:25:24 marconi nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: new request (1 scripts)
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nm-dispatcher: req:1 'dhcp4-change' \[enp4s0\]: new request \(1 scripts\)
#Mar 2 16:25:24 marconi nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: start running ordered scripts...
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nm-dispatcher: req:1 'dhcp4-change' \[enp4s0\]: start running ordered scripts...
#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding route to 192.168.1.0/24
#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding default route via 192.168.1.1
#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: removing default route via 192.168.1.1
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpcd\[[[:digit:]]+\]: enp4s0: (adding|removing)( default)? route (via|to) 192.168.?.?(\/24)?
#Mar 25 05:53:41 marconi dhcpcd[2859]: if_route (ADD): File exists
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpcd\[[[:digit:]]+\]: if_route \(ADD\): File exists
#
# HOME ASSISTANT
#
#Apr 24 07:22:45 marconi hass[18805]: #033[32m17-04-24 07:22:45 INFO (MainThread) [homeassistant.components.automation] Executing Portvakten#033[0m
#Apr 24 07:22:45 marconi hass[18805]: #033[32m17-04-24 07:22:45 INFO (MainThread) [homeassistant.helpers.script] Script Portvakten: Running script#033[0m
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ hass\[[[:digit:]]+\]:
#\#033\[32m[ -:[:digit:]]{17}
#
# Mosquitto
#
#Aug 7 13:15:02 marconi mosquitto[31703]: mosquitto version 1.4.8 (build date Mon, 26 Jun 2017 09:31:02 +0100) starting
#Aug 7 13:15:02 marconi mosquitto[31703]: Config loaded from /etc/mosquitto/mosquitto.conf.
#Aug 7 13:15:02 marconi mosquitto[31703]: Opening ipv4 listen socket on port 1883.
#Aug 7 13:15:34 marconi mosquitto[31703]: New client connected from 82.196.161.66 as fredrikmaximilian (c0, k3600).
#Aug 7 13:45:02 marconi mosquitto[31703]: Saving in-memory database to /var/lib/mosquitto/mosquitto.db.
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ mosquitto\[[[:digit:]]+\]:
#
# NAMED
#
#Mar 3 06:21:50 marconi named[27570]: client 106.185.43.131#50963: message parsing failed: unexpected end of input
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:#[:digit:]]+: message parsing failed: unexpected end of input
#
# SSHD
#
#Mar 2 14:16:53 marconi sshd[4282]: Connection closed by 163.172.210.106 port 56708 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
#Mar 2 13:42:26 marconi sshd[25003]: Received disconnect from 155.4.131.66 port 2983:11: disconnected by user
#Mar 2 17:00:04 marconi sshd[31419]: Received disconnect from 116.31.116.18 port 20137:11: [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+ port [.:[:digit:]]+:11: (disconnected by user| \[preauth\])
#Mar 2 13:42:26 marconi sshd[25003]: Disconnected from 155.4.131.66 port 2983
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [.:[:digit:]]+ (port [.:[:digit:]]+ )?
#Mar 2 17:00:24 marconi sshd[556]: Connection reset by 119.147.115.37 port 1841 [preauth]
#Mar 2 17:07:35 marconi sshd[2635]: Connection reset by 119.147.115.37 port 1070 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by [.:[:digit:]]+ port [.:[:digit:]]+ \[preauth\]
#Mar 2 17:04:13 marconi sshd[1368]: Disconnecting: Too many authentication failures [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures \[preauth\]
#Mar 2 17:04:13 marconi sshd[1368]: error: maximum authentication attempts exceeded for root from 39.173.242.89 port 61397 ssh2 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for [[:alnum:]]+ from [.:[:digit:]]+ port [.:[:digit:]]+ ssh2 \[preauth\]
#Mar 2 14:02:26 marconi sshd[648]: Accepted publickey for fredrik from 155.4.131.66 port 2983 ssh2: RSA SHA256:nN4hIQerkj/cftGXDuAmeiduRLomIKBSxT0ssoPTysc
#Feb 27 16:18:14 marconi sshd[30894]: Accepted publickey for fredrik from 213.153.113.136 port 60681 ssh2: RSA SHA256:wtbGEMuojY+6IMUyU8t0rkg4bZoxeb07q1PqctZODzQ
#Feb 28 03:15:06 marconi sshd[9243]: Accepted publickey for root from 66.23.226.92 port 35645 ssh2: RSA SHA256:Z0G8XQQjwahIdAJmj/DA0j29v+zA2v17C4b0rvOV6Nw
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted publickey for [[:alnum:]]+ from [.:[:digit:]]+ port [.:[:digit:]]+ ssh2: RSA [.:/[:alnum:]]+
#Mar 2 20:18:14 marconi sshd[31811]: Received disconnect from 72.167.13.11 port 32867:11: Bye Bye [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+ port [.:[:digit:]]+:11: Bye Bye \[preauth\]
#Mar 2 20:33:25 marconi sshd[3723]: fatal: Unable to negotiate with 103.207.39.105 port 59502: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
#Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching key exchange method found. Their offer: [-,[:alnum:]]+ \[preauth\]
#Mar 2 20:51:23 marconi sshd[8330]: error: maximum authentication attempts exceeded for invalid user admin from 182.45.153.221 port 54407 ssh2 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [.:[:digit:]]+ ssh2 \[preauth\]
#Feb 27 18:16:55 marconi sshd[30123]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
#
# SYSTEMD
#
# TILLFÄLLIG CATCH ALL
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[
#Mar 2 13:23:45 marconi systemd[1]: Started CUPS Scheduler.
#Mar 2 16:25:24 marconi systemd[1]: Started Network Manager Script Dispatcher Service.
#Mar 2 16:25:24 marconi systemd[1]: Starting Network Manager Script Dispatcher Service...
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ed|ing) (Network Manager Script Dispatcher Service|CUPS Scheduler).+
#Mar 2 17:16:35 marconi systemd[1]: Started Session 85612 of user fredrik.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ed|ing) Session [[:digit:]]+ of user [[:alnum:]].
#Mar 2 22:01:02 marconi systemd[1]: Starting Daily apt activities...
#Mar 2 22:01:04 marconi systemd[1]: Started Daily apt activities.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ed|ing) Daily apt activities.+
#Mar 2 22:01:04 marconi systemd[1]: apt-daily.timer: Adding 6h 5min 38.342426s random time.
#Mar 2 22:01:04 marconi systemd[1]: apt-daily.timer: Adding 6h 2min 20.962257s random time.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: apt-daily.timer: Adding [[:digit:]]+h [[:digit:]]+min [.[:digit:]]+s random time.
#Mar 2 17:16:35 marconi systemd-logind[1241]: New session 85612 of user fredrik.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: New session [[:digit:]]+ of user [[:alnum:]]+
#Mar 2 17:16:35 marconi systemd-logind[1241]: Removed session 85603.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Removed session [[:digit:]]+
#Feb 28 03:17:11 marconi systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
#Feb 28 03:17:18 marconi systemd: pam_unix(systemd-user:session): session closed for user root
#Apr 11 15:12:51 nada systemd: pam_unix(systemd-user:session): session closed for user fredrik
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user (root|fredrik)( by \(uid=0\))?
#
# Specialregler för Marconi
#
#Mar 4 16:21:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
#Mar 5 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
#
# SAMBA
#
#Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.791823, 0] ../source3/nmbd/nmbd.c:169(nmbd_sig_hup_handler)
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nmbd\[[[:digit:]]+\]: \[[ .:,/[:digit:]]+
#Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.792332, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
#Jun 21 16:00:42 marconi update_daemon2.php[27565]: [14:00:42/31191] Purged 0 orphaned posts.
#Jun 21 16:00:42 marconi update_daemon2.php[27565]: [14:00:42/31191] Removed 0 (feeds) 0 (cats) orphaned counter cache entries.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ update_daemon2.php\[[[:digit:]]+\]: \[[ .:,/[:digit:]]+
#
# TELLDUSD
#
#Mar 2 16:48:02 marconi telldusd: Execute a TellStick Action for device 1
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ telldusd: Execute a TellStick Action for device [[:digit:]]
#Mar 4 18:46:37 marconi telldusd: message repeated 2 times: [ Execute a TellStick Action for device 4]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ telldusd: message repeated [[:digit:]] times: \[ Execute a TellStick Action for device [[:digit:]]\]
#
# Desktop
#
# Ignorera gnome etc..
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ org.gnome
#
# Temporärt
#
#Mar 2 15:55:13 marconi smartd[17895]: Device: /dev/sdc
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/sdc
Reference in New Issue View Git Blame Copy Permalink