From 1d7627af2dd7007bf9884348945434384c233f4f Mon Sep 17 00:00:00 2001 From: Oleg Broytman Date: Mon, 30 Oct 2023 13:21:55 +0300 Subject: [PATCH] Feat(logcheck): Update timestamp format for new `rsyslog` in Debian 12 --- .../logcheck/files/ignore.d/local-apache2 | 2 +- .../logcheck/files/ignore.d/local-bluetooth | 2 +- .../files/ignore.d/local-console-kit-daemon | 2 +- .../roles/logcheck/files/ignore.d/local-dbus | 4 +- .../roles/logcheck/files/ignore.d/local-dhcp | 6 +- .../logcheck/files/ignore.d/local-firefox | 2 +- .../roles/logcheck/files/ignore.d/local-gcr | 1 - .../roles/logcheck/files/ignore.d/local-gkr | 2 +- .../roles/logcheck/files/ignore.d/local-gpm | 4 +- .../logcheck/files/ignore.d/local-kernel | 22 ++--- .../logcheck/files/ignore.d/local-minidsspd | 2 +- .../roles/logcheck/files/ignore.d/local-named | 40 ++++----- .../logcheck/files/ignore.d/local-no-tty | 10 +-- .../roles/logcheck/files/ignore.d/local-pa | 6 +- .../logcheck/files/ignore.d/local-postgres | 2 +- .../logcheck/files/ignore.d/local-rsyslog | 4 +- .../logcheck/files/ignore.d/local-runuser | 2 +- .../roles/logcheck/files/ignore.d/local-samba | 3 +- .../files/ignore.d/local-spamassassin | 10 +-- .../roles/logcheck/files/ignore.d/local-ssh | 88 +++++++++---------- .../files/ignore.d/local-transmission | 2 +- .../files/ignore.d/local-wpa_supplicant | 4 +- 22 files changed, 109 insertions(+), 111 deletions(-)
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-apache2 b/playbooks/roles/logcheck/files/ignore.d/local-apache2
index 313aba2..bf18ba2 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-apache2
+++ b/playbooks/roles/logcheck/files/ignore.d/local-apache2
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ apache2.logrotate: Reloading Apache httpd web server: apache2\.$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ apache2.logrotate: Reloading Apache httpd web server: apache2\.$
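Review bot: The new timestamp prefix `T[ .:+0-9]+` has no `-` in its character class, so on a host whose rsyslog writes a negative UTC offset (for example `-05:00`) none of these ignore rules would match and every previously suppressed line would reappear in reports. The class also contains a space, which lets the timestamp part run across more than one token before the hostname field. A tighter prefix such as `^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9:.]+[+-][0-9]{2}:[0-9]{2} ` would cover both; this assumes an RFC 3339 timestamp with a numeric offset, which should be confirmed against the deployed rsyslog template. The same prefix is repeated in every hunk of this patch, so the point applies to all of them.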
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-bluetooth b/playbooks/roles/logcheck/files/ignore.d/local-bluetooth
index 119a65e..ef285f2 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-bluetooth
+++ b/playbooks/roles/logcheck/files/ignore.d/local-bluetooth
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ bluetoothd\[[0-9]+\]: Endpoint (un)?registered: sender=:[0-9.]+ path=/MediaEndpoint/
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ bluetoothd\[[0-9]+\]: Endpoint (un)?registered: sender=:[0-9.]+ path=/MediaEndpoint/
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-console-kit-daemon b/playbooks/roles/logcheck/files/ignore.d/local-console-kit-daemon
index e623247..8290ae7 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-console-kit-daemon
+++ b/playbooks/roles/logcheck/files/ignore.d/local-console-kit-daemon
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ console-kit-daemon\[[0-9]+\]: GLib-CRITICAL: Source ID [0-9]+ was not found when attempting to remove it$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ console-kit-daemon\[[0-9]+\]: GLib-CRITICAL: Source ID [0-9]+ was not found when attempting to remove it$
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-dbus b/playbooks/roles/logcheck/files/ignore.d/local-dbus
index 9c0ac1e..e562f88 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-dbus
+++ b/playbooks/roles/logcheck/files/ignore.d/local-dbus
@@ -1,2 +1,2 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dbus\[[0-9]+\]:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dbus-daemon\[[0-9]+\]:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ dbus\[[0-9]+\]:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ dbus-daemon\[[0-9]+\]:
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-dhcp b/playbooks/roles/logcheck/files/ignore.d/local-dhcp
index dd38b59..7f542ef 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-dhcp
+++ b/playbooks/roles/logcheck/files/ignore.d/local-dhcp
@@ -1,3 +1,3 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient\[[0-9]+\]: DHCPREQUEST -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPRELEASE -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd\[[0-9]+\]: Discarding packet with bogus hlen\.$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ dhclient\[[0-9]+\]: DHCPREQUEST +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ dhcpd: DHCPRELEASE +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ dhcpd\[[0-9]+\]: Discarding packet with bogus hlen\.$ diff --git a/playbooks/roles/logcheck/files/ignore.d/local-firefox b/playbooks/roles/logcheck/files/ignore.d/local-firefox index 620f89a..afe46f8 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-firefox +++ b/playbooks/roles/logcheck/files/ignore.d/local-firefox @@ -1 +1 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ firefox: getaddrinfo\*\.gaih_getanswer: got type "DNAME"$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ firefox: getaddrinfo\*\.gaih_getanswer: got type "DNAME"$ diff --git a/playbooks/roles/logcheck/files/ignore.d/local-gcr b/playbooks/roles/logcheck/files/ignore.d/local-gcr index 118b636..6f781e0 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-gcr +++ b/playbooks/roles/logcheck/files/ignore.d/local-gcr @@ -1,2 +1 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gcr-prompter\[[0-9]+\]: ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ gcr-prompter\[[0-9]+\]: diff --git a/playbooks/roles/logcheck/files/ignore.d/local-gkr b/playbooks/roles/logcheck/files/ignore.d/local-gkr index 1d21d29..609dd80 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-gkr +++ b/playbooks/roles/logcheck/files/ignore.d/local-gkr 
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-keyring-daemon\[[0-9]+\]: asked to register item /org/freedesktop/secrets/collection/[A-Za-z0-9/_-]+, but it's already registered
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ gnome-keyring-daemon\[[0-9]+\]: asked to register item /org/freedesktop/secrets/collection/[A-Za-z0-9/_-]+, but it's already registered
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-gpm b/playbooks/roles/logcheck/files/ignore.d/local-gpm
index 0d583e5..ee25df0 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-gpm
+++ b/playbooks/roles/logcheck/files/ignore.d/local-gpm
@@ -1,2 +1,2 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/gpm\[[0-9]+\]: \*\*\* warning \[daemon/processconn.c\([0-9]+\)\]:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/gpm\[[0-9]+\]: Failed gpm connect attempt by uid [0-9]+ for vc /dev/tty[0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ /usr/sbin/gpm\[[0-9]+\]: \*\*\* warning \[daemon/processconn.c\([0-9]+\)\]:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ /usr/sbin/gpm\[[0-9]+\]: Failed gpm connect attempt by uid [0-9]+ for vc /dev/tty[0-9]+
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-kernel b/playbooks/roles/logcheck/files/ignore.d/local-kernel
index aa40baf..101f3d3 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-kernel
+++ b/playbooks/roles/logcheck/files/ignore.d/local-kernel
@@ -1,11 +1,11 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: <1054>\[[ 0-9.]+\] systemd-udevd\[[0-9]+\]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable\. -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CIFS VFS: SMB signature verification returned error -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CIFS VFS: Server [0-9.]+ has not responded in 120 seconds\. Reconnecting\.\.\. -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CPU[0-9]: (Core|Package) temperature above threshold, cpu clock throttled \(total events = [0-9]+\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CPU[0-9]: (Core|Package) temperature/speed normal$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] Peer [0-9.:/]+ unexpectedly shrunk window [0-9]+:[0-9]+ \(repaired\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] TCP: request_sock_TCP: Possible SYN flooding on port [0-9]+\. Sending cookies\. Check SNMP counters\. -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] ncpfs: ncp_evict_inode: could not close -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] net_ratelimit: [0-9]+ callbacks suppressed$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] pcieport -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] perf: interrupt took too long +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: <1054>\[[ 0-9.]+\] systemd-udevd\[[0-9]+\]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable\. +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CIFS VFS: SMB signature verification returned error +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CIFS VFS: Server [0-9.]+ has not responded in 120 seconds\. Reconnecting\.\.\. 
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CPU[0-9]: (Core|Package) temperature above threshold, cpu clock throttled \(total events = [0-9]+\)$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CPU[0-9]: (Core|Package) temperature/speed normal$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] Peer [0-9.:/]+ unexpectedly shrunk window [0-9]+:[0-9]+ \(repaired\)$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] TCP: request_sock_TCP: Possible SYN flooding on port [0-9]+\. Sending cookies\. Check SNMP counters\. +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] ncpfs: ncp_evict_inode: could not close +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] net_ratelimit: [0-9]+ callbacks suppressed$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] pcieport +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] perf: interrupt took too long diff --git a/playbooks/roles/logcheck/files/ignore.d/local-minidsspd b/playbooks/roles/logcheck/files/ignore.d/local-minidsspd index 7d22d5d..9b965b5 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-minidsspd +++ b/playbooks/roles/logcheck/files/ignore.d/local-minidsspd @@ -1 +1 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ minissdpd\[[0-9]+\]: method , don't know what to do +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ minissdpd\[[0-9]+\]: method , don't know what to do diff --git a/playbooks/roles/logcheck/files/ignore.d/local-named b/playbooks/roles/logcheck/files/ignore.d/local-named index 0b96f7d..96eef6a 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-named +++ b/playbooks/roles/logcheck/files/ignore.d/local-named 
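Review bot: The `local-kernel` rules for `CIFS VFS: SMB signature verification returned error` and `Possible SYN flooding on port [0-9]+` are carried over with no comment on why these two messages are safe to keep out of logcheck reports. Both can point to tampering or abuse rather than noise, so a `#` comment line above each rule naming the known benign cause (and which other monitor, if any, still covers the event) would help the next reviewer; as far as I know logcheck skips rule-file lines that begin with `#`. If no benign cause is known for this host, consider dropping the two rules so the messages are reported again.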
@@ -1,20 +1,20 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (Accepting )?TCP connection failed: socket is not connected -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (REFUSED|SERVFAIL) unexpected RCODE resolving -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: +validating .+: (bad cache hit|no valid signature found|got insecure response; parent indicates it should be secure) -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: .*zone transfer 'phdru.name/AXFR/IN' denied -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: DNS format error from ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} resolving -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: _default: sending trust-anchor-telemetry query -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: broken trust chain resolving -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: chase DS servers resolving -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5}: message parsing failed -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client .*([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} \([._[:alnum:]-]+\): query (\(cache\) )?'.+' denied -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client 192\.168\.3\.20#[0-9]+ \([._[:alnum:]-]+\): error sending response: host unreachable$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: clients-per-query (de|in)creased to -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. acceptance timer complete: key now trusted -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. 
is now trusted \(acceptance timer complete\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: missing expected cookie -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: network unreachable resolving -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: no valid RRSIG resolving '.+/DNSKEY/IN': ([0-9]{1,3}\.){3}[0-9]{1,3}#53 -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: resolver priming query complete -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: skipping nameserver '[A-Za-z0-9._-]+' because it is a CNAME, while resolving -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: validating .+: verify failed due to bad signature \(keyid=[0-9]+\): RRSIG has expired +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: (Accepting )?TCP connection failed: socket is not connected +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: (REFUSED|SERVFAIL) unexpected RCODE resolving +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: +validating .+: (bad cache hit|no valid signature found|got insecure response; parent indicates it should be secure) +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: .*zone transfer 'phdru.name/AXFR/IN' denied +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: DNS format error from ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} resolving +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: _default: sending trust-anchor-telemetry query +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: broken trust chain resolving +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: chase DS servers resolving +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5}: message parsing failed +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client .*([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} \([._[:alnum:]-]+\): 
query (\(cache\) )?'.+' denied +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client 192\.168\.3\.20#[0-9]+ \([._[:alnum:]-]+\): error sending response: host unreachable$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: clients-per-query (de|in)creased to +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. acceptance timer complete: key now trusted +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. is now trusted \(acceptance timer complete\)$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: missing expected cookie +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: network unreachable resolving +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: no valid RRSIG resolving '.+/DNSKEY/IN': ([0-9]{1,3}\.){3}[0-9]{1,3}#53 +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: resolver priming query complete +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: skipping nameserver '[A-Za-z0-9._-]+' because it is a CNAME, while resolving +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: validating .+: verify failed due to bad signature \(keyid=[0-9]+\): RRSIG has expired diff --git a/playbooks/roles/logcheck/files/ignore.d/local-no-tty b/playbooks/roles/logcheck/files/ignore.d/local-no-tty index 9cbaccb..baa0f5a 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-no-tty +++ b/playbooks/roles/logcheck/files/ignore.d/local-no-tty 
@@ -1,5 +1,5 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (links2|vim): Oh, oh, it's an error! possibly I die!
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (links2|vim): Warning: closing connection
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (links2|vim): \*\*\* err
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (links2|vim): \*\*\* info
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (links2|vim): checking tty name failed
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ (links2|vim): Oh, oh, it's an error! possibly I die!
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ (links2|vim): Warning: closing connection
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ (links2|vim): \*\*\* err
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ (links2|vim): \*\*\* info
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ (links2|vim): checking tty name failed
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-pa b/playbooks/roles/logcheck/files/ignore.d/local-pa
index 679db46..64e41f3 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-pa
+++ b/playbooks/roles/logcheck/files/ignore.d/local-pa
@@ -1,3 +1,3 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: ALSA woke us up to (read|write) new data (from|to) the device, but there was actually nothing to (read|write)!$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: Most likely this is a bug in the ALSA driver 'snd_hda_intel'\. Please report this issue to the ALSA developers\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: We were woken up with POLL(IN|OUT) set -- however a subsequent snd_pcm_avail\(\) returned 0 or another value < min_avail.$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: ALSA woke us up to (read|write) new data (from|to) the device, but there was actually nothing to (read|write)!$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: Most likely this is a bug in the ALSA driver 'snd_hda_intel'\. Please report this issue to the ALSA developers\.$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: We were woken up with POLL(IN|OUT) set -- however a subsequent snd_pcm_avail\(\) returned 0 or another value < min_avail.$ diff --git a/playbooks/roles/logcheck/files/ignore.d/local-postgres b/playbooks/roles/logcheck/files/ignore.d/local-postgres index 2fbc57d..5b1d447 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-postgres +++ b/playbooks/roles/logcheck/files/ignore.d/local-postgres 
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ .0-9]{11,13}\] postgres \([0-9]+\): /proc/[0-9]+/oom_adj is deprecated, please use /proc/[0-9]+/oom_score_adj instead\.
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kernel: \[[ .0-9]{11,13}\] postgres \([0-9]+\): /proc/[0-9]+/oom_adj is deprecated, please use /proc/[0-9]+/oom_score_adj instead\.
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-rsyslog b/playbooks/roles/logcheck/files/ignore.d/local-rsyslog
index fdae37b..a20b5bd 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-rsyslog
+++ b/playbooks/roles/logcheck/files/ignore.d/local-rsyslog
@@ -1,2 +1,2 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (liblogging-stdlog|rsyslogd): {1,2}\[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https?://www.rsyslog.com"\] rsyslogd was HUPed$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd[0-9-]+: action 'action 17' (suspended|resumed)
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ (liblogging-stdlog|rsyslogd): {1,2}\[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https?://www.rsyslog.com"\] rsyslogd was HUPed$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ rsyslogd[0-9-]+: action 'action 17' (suspended|resumed)
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-runuser b/playbooks/roles/logcheck/files/ignore.d/local-runuser
index b0bb7ad..609a57f 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-runuser
+++ b/playbooks/roles/logcheck/files/ignore.d/local-runuser
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ runuser: pam_unix\(runuser:session\): session (opened|closed) for user nobody
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ runuser: pam_unix\(runuser:session\): session (opened|closed) for user nobody
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-samba b/playbooks/roles/logcheck/files/ignore.d/local-samba
index 2d3817f..300f0a8 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-samba
+++ b/playbooks/roles/logcheck/files/ignore.d/local-samba
@@ -1,2 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd: pam_unix\(samba:session\): session closed for user
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd: pam_unix\(samba:session\): session opened for user
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ smbd: pam_unix\(samba:session\): session opened for user
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-spamassassin b/playbooks/roles/logcheck/files/ignore.d/local-spamassassin
index 8ef30f2..a44b39b 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-spamassassin
+++ b/playbooks/roles/logcheck/files/ignore.d/local-spamassassin
@@ -1,5 +1,5 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: new_dns_packet: domain is utf8 flagged:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: reply to .+ truncated \(EDNS 4096 bytes\), 0 answer records
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: adjust:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: handled cleanup of child
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: result:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: new_dns_packet: domain is utf8 flagged:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: reply to .+ truncated \(EDNS 4096 bytes\), 0 answer records
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: adjust:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: handled cleanup of child
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: result:
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index d929eb8..c832245 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
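Review bot: The `local-samba` hunk goes from two rules to one (`@@ -1,2 +1 @@`): the `session closed for user` rule is removed and only `session opened for user` is re-added with the new timestamp. Unless that is intended, smbd session-close lines will start appearing in reports after this change. Either re-add the missing rule in the new format or fold both into one with `smbd: pam_unix\(samba:session\): session (opened|closed) for user`, as `local-runuser` already does.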
@@ -1,44 +1,44 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Protocol major versions differ: 2 vs\. 1$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|Connection corrupted|bignum is negative|invalid format|message authentication code incorrect) \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad packet length [0-9]+\. \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Corrupted MAC on input\. \[preauth\]$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures)|(Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*\)?)?) 
\[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Protocol major versions differ for ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\. -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: banner exchange: Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|could not read protocol version|invalid format) -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: drop connection #[0-9]+ from \[(UNKNOWN|([0-9]{1,3}\.){3}[0-9]{1,3})\]:-?[0-9]+ on \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:22 past MaxStartups -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Bad remote protocol version identification: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: beginning MaxStartups throttling -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect to [^ ]+ port [0-9]+ failed: Network is unreachable$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+ port [0-9]+: failed\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(No address associated with hostname\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(Temporary failure in name resolution\) -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex protocol error: type 30 seq 1 
\[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: banner line contains invalid characters$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: client sent invalid protocol identifier -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: read: Connection reset by peer -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: maximum authentication attempts exceeded for .+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ssh2 \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: send_error: write: Connection reset by peer$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user .+\[preauth\]$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix\(sshd:auth\): bad username -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: can't get client address: Connection reset by peer$ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Protocol major versions differ: 2 vs\. 
1$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|Connection corrupted|bignum is negative|invalid format|message authentication code incorrect) \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad packet length [0-9]+\. \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Corrupted MAC on input\. \[preauth\]$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures)|(Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*\)?)?) \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3}
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Protocol major versions differ for ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\.
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: banner exchange: Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|could not read protocol version|invalid format)
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: drop connection #[0-9]+ from \[(UNKNOWN|([0-9]{1,3}\.){3}[0-9]{1,3})\]:-?[0-9]+ on \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:22 past MaxStartups
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Bad remote protocol version identification:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: beginning MaxStartups throttling
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect to [^ ]+ port [0-9]+ failed: Network is unreachable$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+ port [0-9]+: failed\.$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(No address associated with hostname\)$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(Temporary failure in name resolution\)
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: banner line contains invalid characters$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: client sent invalid protocol identifier
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: read: Connection reset by peer
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: maximum authentication attempts exceeded for .+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ssh2 \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: send_error: write: Connection reset by peer$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user .+\[preauth\]$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix\(sshd:auth\): bad username
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: can't get client address: Connection reset by peer$
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-transmission b/playbooks/roles/logcheck/files/ignore.d/local-transmission
index c75af02..442cc98 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-transmission
+++ b/playbooks/roles/logcheck/files/ignore.d/local-transmission
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ transmission-daemon\[[0-9]+\]: UDP Failed to set (send|receive) buffer:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ transmission-daemon\[[0-9]+\]: UDP Failed to set (send|receive) buffer:
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-wpa_supplicant b/playbooks/roles/logcheck/files/ignore.d/local-wpa_supplicant
index 747c4d3..1dd2735 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-wpa_supplicant
+++ b/playbooks/roles/logcheck/files/ignore.d/local-wpa_supplicant
@@ -1,3 +1,3 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: [a-z0-9]+: CTRL-EVENT-BEACON-LOSS
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: [a-z0-9]+: WPA: Group rekeying completed with
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: [a-z0-9]+: CTRL-EVENT-BEACON-LOSS
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: [a-z0-9]+: WPA: Group rekeying completed with
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: [a-z0-9]+: WPA: Group rekeying completed with
-- 2.39.5
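Review bot: The timestamp class `T[ .:+0-9]+` on the added line has no `-`, so on a host whose syslog timestamps carry a negative UTC offset (say `-05:00`) the rule stops matching and the message comes back into every logcheck report. The same prefix is used by every rewritten rule in this patch, including the sshd rules in the preceding hunk and the wpa_supplicant rules below. Extending the class to `T[.:+0-9-]+` covers both signs; the space inside the class also looks unneeded, since the separator after the timestamp is matched explicitly.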
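Review bot: After this hunk the file appears to hold the `WPA: Group rekeying completed with` rule twice, because the added second line reads the same as the unchanged third line, which was already in the new timestamp format. The duplicate does not change what is filtered, but it should be dropped so the file keeps one rule per message; replacing the two old lines with only the `CTRL-EVENT-BEACON-LOSS` rule would do it. Trailing whitespace is not visible here, so confirm the two lines are byte-identical before removing one.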