From: Oleg Broytman Date: Fri, 24 Dec 2021 12:15:51 +0000 (+0300) Subject: Feat(logcheck): Update `local-ssh` X-Git-Url: https://git.phdru.name/?a=commitdiff_plain;h=0566bbe9d1d3a7e93b723bf6349810c7a80145d3;p=ansible.git Feat(logcheck): Update `local-ssh` --- diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh index 1dd7bc3..81c6b43 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-ssh +++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh @@ -38,3 +38,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix\(sshd:auth\): bad username ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: ssh_dispatch_run_fatal: Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: message authentication code incorrect \[preauth\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: can't get client address: Connection reset by peer$ + +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: beginning MaxStartups throttling +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: drop connection #[0-9]+ from \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:[0-9]+ on \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:22 past MaxStartups +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling