Feat(logcheck): Update `local-ssh`

diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index f5e826bb02057caf3378c0ea5b8319e080315343..e73b51b240bdd2dac7e2a42e1a82c5e1b180bc5f 100644 (file)
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -1,5 +1,6 @@
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: (error: )?Protocol major versions differ: 2 vs\. 1$
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: (error: )?Received disconnect from
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: (fatal: )?Timeout before authentication
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|Connection corrupted|bignum is negative|invalid format|message authentication code incorrect) \[preauth\]
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Bad packet length [0-9]+\. \[preauth\]
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Bad protocol version identification
@@ -17,6 +18,7 @@
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3}
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PAM [0-9] more authentication failures?
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PerSourcePenalties logging rate-limited: additional [0-9]+ connections dropped
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Protocol major versions differ for ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+:
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\.
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: banner exchange: Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|could not read protocol version|invalid format)
@@ -39,7 +41,6 @@
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: error: userauth_pubkey: parse key: invalid format \[preauth\]
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: exited MaxStartups throttling
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
-^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: (fatal: )?Timeout before authentication
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: userauth_finish: send failure packet: (Broken pipe|Connection reset by peer) \[preauth\]$