From d693cc4c9df9821118098c5944c0e3ad82006a5f Mon Sep 17 00:00:00 2001 From: Oleg Broytman Date: Tue, 10 Dec 2019 14:09:56 +0300 Subject: [PATCH] Feat(logcheck): Update ignore patterns --- playbooks/roles/logcheck/files/ignore.d/local-named | 1 + playbooks/roles/logcheck/files/ignore.d/local-ssh | 1 + 2 files changed, 2 insertions(+) diff --git a/playbooks/roles/logcheck/files/ignore.d/local-named b/playbooks/roles/logcheck/files/ignore.d/local-named index 918c49b..0be587e 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-named +++ b/playbooks/roles/logcheck/files/ignore.d/local-named @@ -6,4 +6,5 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client 192\.168\.3\.20#[0-9]+ \([._[:alnum:]-]+\): error sending response: host unreachable$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: clients-per-query (de|in)creased to ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. acceptance timer complete: key now trusted +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: resolver priming query complete ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: skipping nameserver '[A-Za-z0-9._-]+' because it is a CNAME, while resolving diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh index a3ebaac..1808e8d 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-ssh +++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh @@ -14,6 +14,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (host key type|key exchange method) found\. +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex protocol error: type 30 seq 1 \[preauth\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: maximum authentication attempts exceeded for .+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ssh2 \[preauth\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$ -- 2.39.5