Feat(logcheck): Update ignore pattern in `local-ssh`

[ansible.git] / playbooks / roles / logcheck / files / ignore.d / local-ssh

diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index 5ab90367eb4337f94838a717a6a66ae6f7c9dd4c..a3ebaacee7b138647cbc94905f71f0fb9f8b924f 100644 (file)
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -7,7 +7,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures \[preauth\]|Change of username or service not allowed: \(admin,ssh-connection\))
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures|Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn)?) \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+