From 65858ec90afa28444fe55d13f780a6bcb8684ea3 Mon Sep 17 00:00:00 2001
From: Oleg Broytman
Date: Mon, 30 Oct 2023 18:03:13 +0300
Subject: [PATCH] Feat(logcheck): Add `local-kea`, update `local-named`, `local-ssh`
---
 playbooks/roles/logcheck/files/ignore.d/local-kea | 11 +++++++++++
 playbooks/roles/logcheck/files/ignore.d/local-named | 4 +++-
 playbooks/roles/logcheck/files/ignore.d/local-ssh | 1 +
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 playbooks/roles/logcheck/files/ignore.d/local-kea
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-kea b/playbooks/roles/logcheck/files/ignore.d/local-kea
new file mode 100644
index 0000000..2621dab
--- /dev/null
+++ b/playbooks/roles/logcheck/files/ignore.d/local-kea
@@ -0,0 +1,11 @@
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kea-dhcp4: INFO DHCP4_LEASE_ADVERT
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kea-dhcp4: INFO DHCP4_LEASE_ALLOC
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kea-dhcp4: INFO DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kea-dhcp4: INFO DHCPSRV_MEMFILE_LFC_EXECUTE executing Lease File Cleanup
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO \[DhcpLFC.[0-9]+\] LFC_START Starting lease file cleanup
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO [DhcpLFC.[0-9]+\] LFC_PROCESSING
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO [DhcpLFC.dhcpsrv.[0-9]+\] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO [DhcpLFC.[0-9]+\] LFC_READ_STATS
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO [DhcpLFC.[0-9]+\] LFC_WRITE_STATS
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO [DhcpLFC.[0-9]+\] LFC_ROTATING LFC rotating files
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO [DhcpLFC.[0-9]+\] LFC_TERMINATE LFC finished processing
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-named b/playbooks/roles/logcheck/files/ignore.d/local-named
index 96eef6a..50c2e64 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-named
+++ b/playbooks/roles/logcheck/files/ignore.d/local-named
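Review bot: Six of the seven DhcpLFC rules in the new file (LFC_PROCESSING through LFC_TERMINATE) open the logger tag with an unescaped `[`, unlike the LFC_START rule, which writes `\[DhcpLFC.[0-9]+\]`. In POSIX ERE that turns `[DhcpLFC.[0-9]` into a bracket expression, so each rule accepts any run of those characters before the closing `]` instead of the literal tag; it appears to still match the intended lines, but only by accident, and it suppresses more than it reads as suppressing. Unless the backslash was merely lost when this page was rendered, write the tag as `\[DhcpLFC\.[0-9]+\]` (and `\[DhcpLFC\.dhcpsrv\.[0-9]+\]`), escaping the dots as well so the rules stay as narrow as the messages they are meant to hide.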
@@ -7,9 +7,10 @@
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: broken trust chain resolving
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: chase DS servers resolving
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5}: message parsing failed
-^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client .*([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} \([._[:alnum:]-]+\): query (\(cache\) )?'.+' denied
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client .*([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} \(.+\): query (\(cache\) )?'.+' denied
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client 192\.168\.3\.20#[0-9]+ \([._[:alnum:]-]+\): error sending response: host unreachable$
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: clients-per-query (de|in)creased to
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: loop detected resolving
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. acceptance timer complete: key now trusted
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. is now trusted \(acceptance timer complete\)$
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: missing expected cookie
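Review bot: The replacement `\(.+\)` in the `query ... denied` rule is wider than the fix needs. The parenthesised query name is chosen by the remote client, and with the existing `client .*` prefix and no `$` after `denied` the rule now has three unbounded stretches, so almost any line containing those fragments is dropped from the report. A bounded class such as `\([^ ]+\)` would presumably still accept the names the old `[._[:alnum:]-]+` rejected while keeping the field to one token; confirm it against the log lines that prompted the change.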
@@ -17,4 +18,5 @@
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: no valid RRSIG resolving '.+/DNSKEY/IN': ([0-9]{1,3}\.){3}[0-9]{1,3}#53
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: resolver priming query complete
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: skipping nameserver '[A-Za-z0-9._-]+' because it is a CNAME, while resolving
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: success resolving
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: validating .+: verify failed due to bad signature \(keyid=[0-9]+\): RRSIG has expired
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index c832245..55e31b7 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -35,6 +35,7 @@
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: send_error: write: Connection reset by peer$
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Timeout before authentication
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
 ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\]
-- 2.39.5
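Review bot: The new `fatal: Timeout before authentication` rule in local-ssh has no tail and no `$`, so every variant of that line is dropped from logcheck reports, including the peer address that follows the message. With `exited MaxStartups throttling` already ignored two lines above it, both pre-authentication pressure signals are then invisible to logcheck; check that another control (rate limiting or a per-source connection counter) still surfaces bursts from a single address. If the rule stays, pinning the tail, e.g. `fatal: Timeout before authentication for [^ ]+ port [0-9]+$`, keeps unexpected variants visible; verify the exact wording against what this sshd version emits.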