From: Oleg Broytman
Date: Fri, 26 Jul 2019 19:32:02 +0000 (+0300)
Subject: Feat(logcheck): Publish my locally ignored patterns
X-Git-Url: https://git.phdru.name/?a=commitdiff_plain;h=25191cf9bc1d011a6d82706c917013ac8e1d9160;p=ansible.git
Feat(logcheck): Publish my locally ignored patterns
---
diff --git a/playbooks/debian/roles/logcheck/files/.gitignore b/playbooks/debian/roles/logcheck/files/.gitignore
index d6b7ef3..f8a9fd0 100644
--- a/playbooks/debian/roles/logcheck/files/.gitignore
+++ b/playbooks/debian/roles/logcheck/files/.gitignore
@@ -1,2 +1 @@
-*
-!.gitignore
+ignore.d/local-dhcpd
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-bluetooth b/playbooks/debian/roles/logcheck/files/ignore.d/local-bluetooth
new file mode 100644
index 0000000..119a65e
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-bluetooth
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ bluetoothd\[[0-9]+\]: Endpoint (un)?registered: sender=:[0-9.]+ path=/MediaEndpoint/
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-console-kit-daemon b/playbooks/debian/roles/logcheck/files/ignore.d/local-console-kit-daemon
new file mode 100644
index 0000000..1169ef9
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-console-kit-daemon
@@ -0,0 +1,2 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ console-kit-daemon\[[0-9]+\]: GLib-CRITICAL: Source ID [0-9]+ was not found when attempting to remove it$
+
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-dbus b/playbooks/debian/roles/logcheck/files/ignore.d/local-dbus
new file mode 100644
index 0000000..7661db8
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-dbus
@@ -0,0 +1,3 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dbus\[[0-9]+\]: \[system\] Activating service name='org\.freedesktop\.UDisks' \(using servicehelper\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dbus\[[0-9]+\]: \[system\] Successfully activated service 'org\.freedesktop\.UDisks'$
+
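Review bot: The second added line of `ignore.d/local-console-kit-daemon` is empty, and so is the last added line of `ignore.d/local-dbus`. As far as I know logcheck drops blank lines when it cleans its rule files, so this is harmless in production, but an empty pattern passed to `egrep -f` matches every line. Anyone who checks these files by hand against a log sample would therefore see everything reported as ignored. Removing the trailing blank lines keeps that kind of test meaningful.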
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-firefox b/playbooks/debian/roles/logcheck/files/ignore.d/local-firefox
new file mode 100644
index 0000000..620f89a
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-firefox
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ firefox: getaddrinfo\*\.gaih_getanswer: got type "DNAME"$
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-kernel b/playbooks/debian/roles/logcheck/files/ignore.d/local-kernel
new file mode 100644
index 0000000..7387e7b
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-kernel
@@ -0,0 +1,5 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] TCP: request_sock_TCP: Possible SYN flooding on port [0-9]+\. Sending cookies\. Check SNMP counters\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CIFS VFS: Server [0-9.]+ has not responded in 120 seconds\. Reconnecting\.\.\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] perf: interrupt took too long
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] net_ratelimit: [0-9]+ callbacks suppressed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] Peer [0-9.:/]+ unexpectedly shrunk window [0-9]+:[0-9]+ \(repaired\)$
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-minidsspd b/playbooks/debian/roles/logcheck/files/ignore.d/local-minidsspd
new file mode 100644
index 0000000..7d22d5d
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-minidsspd
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ minissdpd\[[0-9]+\]: method , don't know what to do
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-named b/playbooks/debian/roles/logcheck/files/ignore.d/local-named
new file mode 100644
index 0000000..634a8cb
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-named
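Review bot: The first rule in `ignore.d/local-kernel` drops every `Possible SYN flooding on port [0-9]+` line, which removes the report-level signal of a connection flood on any port of any host that gets this role. If the noise comes from one known busy service, narrowing `[0-9]+` to that port (placeholder: `<PORT>`) keeps the message visible for everything else. A `#` comment above the rule saying why it is safe to ignore here would also help the next person who reuses the role.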
@@ -0,0 +1,6 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: DNS format error from ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} resolving
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5}: message parsing failed
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} \([._[:alnum:]-]+\): query (\(cache\) )?'.+' denied
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client 192\.168\.3\.20#[0-9]+ \([._[:alnum:]-]+\): error sending response: host unreachable$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: clients-per-query (de|in)creased to
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: skipping nameserver '[A-Za-z0-9._-]+' because it is a CNAME, while resolving
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-pa b/playbooks/debian/roles/logcheck/files/ignore.d/local-pa
new file mode 100644
index 0000000..679db46
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-pa
@@ -0,0 +1,3 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: ALSA woke us up to (read|write) new data (from|to) the device, but there was actually nothing to (read|write)!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: Most likely this is a bug in the ALSA driver 'snd_hda_intel'\. Please report this issue to the ALSA developers\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: We were woken up with POLL(IN|OUT) set -- however a subsequent snd_pcm_avail\(\) returned 0 or another value < min_avail.$
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-postgres b/playbooks/debian/roles/logcheck/files/ignore.d/local-postgres
new file mode 100644
index 0000000..2fbc57d
--- /dev/null
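Review bot: The third rule in `ignore.d/local-named` (`query (\(cache\) )?'.+' denied`) hides denied queries from every client address, so outside probing of the resolver no longer reaches the logcheck report. Consider limiting the client part to the ranges that are known to be noisy. The fourth rule hard-codes `192\.168\.3\.20`, which ties a shared role file to one site; a host-specific rule like that may fit better in a file kept out of the repository, as this commit already does for `ignore.d/local-dhcpd`. The address patterns are IPv4-only, so IPv6 clients stay reported, which fails safe.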
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-postgres
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ .0-9]{11,13}\] postgres \([0-9]+\): /proc/[0-9]+/oom_adj is deprecated, please use /proc/[0-9]+/oom_score_adj instead\.
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-rsyslog b/playbooks/debian/roles/logcheck/files/ignore.d/local-rsyslog
new file mode 100644
index 0000000..f7be8aa
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-rsyslog
@@ -0,0 +1,2 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (liblogging-stdlog|rsyslogd): {1,2}\[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd[0-9-]+: action 'action 17' (suspended|resumed)
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-runuser b/playbooks/debian/roles/logcheck/files/ignore.d/local-runuser
new file mode 100644
index 0000000..b0bb7ad
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-runuser
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ runuser: pam_unix\(runuser:session\): session (opened|closed) for user nobody
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-samba b/playbooks/debian/roles/logcheck/files/ignore.d/local-samba
new file mode 100644
index 0000000..71fbdbf
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-samba
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd: pam_unix\(samba:session\): session closed for user
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-spamassassin b/playbooks/debian/roles/logcheck/files/ignore.d/local-spamassassin
new file mode 100644
index 0000000..7101aa0
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-spamassassin
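Review bot: The second rule in `ignore.d/local-rsyslog` ignores `action 'action 17' (suspended|resumed)`, and a suspended action means an output has stopped accepting messages, which is a log-delivery gap worth seeing in the report. Matching only `resumed` would drop half of the noise while keeping the failure visible. The number 17 is presumably the action's position in the local rsyslog configuration, so after a config change the rule may stop matching or start covering a different output.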
@@ -0,0 +1,4 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: new_dns_packet: domain is utf8 flagged:
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: adjust:
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: handled cleanup of child
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: result:
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-ssh b/playbooks/debian/roles/logcheck/files/ignore.d/local-ssh
new file mode 100644
index 0000000..dd75429
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-ssh
@@ -0,0 +1,16 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: Broken pipe \[preauth\]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user +[A-Za-z0-9 !@#$%^&*_,./\\+-]+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user +[A-Za-z0-9 !@#$%^&*_,./\\+-]* from ([0-9]{1,3}\.){3}[0-9]{1,3}
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (host key type|key exchange method) found\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user +[A-Za-z0-9 !@#$%^&*_,./\\+-]+ \[preauth\]$
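Review bot: The rules `Disconnecting: Too many authentication failures` and `PAM service\(sshd\) ignoring max retries` in `ignore.d/local-ssh` are not tied to an invalid user, unlike `Failed password for invalid user`, so they presumably also drop these lines when the guessing targets an account that exists. Restricting them to the invalid-user form, or leaving them out of the ignore list, keeps repeated failures against real accounts in the report. Together with the `Invalid user` rules this file removes most password-guessing volume from logcheck output, so another control (rate limiting, a ban tool, or an alert on failure counts) has to cover it. A `#` comment at the top of the file naming that control would make the trade-off explicit.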
diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-transmission b/playbooks/debian/roles/logcheck/files/ignore.d/local-transmission
new file mode 100644
index 0000000..c75af02
--- /dev/null
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-transmission
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ transmission-daemon\[[0-9]+\]: UDP Failed to set (send|receive) buffer: