Feat(logcheck): Add `local-kea`, update `local-named`, `local-ssh`

[ansible.git] / playbooks / roles / logcheck / files / ignore.d / local-ssh

^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Protocol major versions differ: 2 vs\. 1$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|Connection corrupted|bignum is negative|invalid format|message authentication code incorrect) \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad packet length [0-9]+\. \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Corrupted MAC on input\. \[preauth\]$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures)|(Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*\)?)?) \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3}
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Protocol major versions differ for ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+:
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\.
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: banner exchange: Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|could not read protocol version|invalid format)
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: drop connection #[0-9]+ from \[(UNKNOWN|([0-9]{1,3}\.){3}[0-9]{1,3})\]:-?[0-9]+ on \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:22 past MaxStartups
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Bad remote protocol version identification:
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: beginning MaxStartups throttling
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect to [^ ]+ port [0-9]+ failed: Network is unreachable$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+ port [0-9]+: failed\.$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(No address associated with hostname\)$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(Temporary failure in name resolution\)
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: banner line contains invalid characters$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: client sent invalid protocol identifier
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: read: Connection reset by peer
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: maximum authentication attempts exceeded for .+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ssh2 \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: send_error: write: Connection reset by peer$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Timeout before authentication
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user .+\[preauth\]$
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix\(sshd:auth\): bad username
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes \[preauth\]
^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: can't get client address: Connection reset by peer$