Feat(logcheck): Add `local-kea`, update `local-named`, `local-ssh`

author Oleg Broytman <phd@phdru.name>

Mon, 30 Oct 2023 15:03:13 +0000 (18:03 +0300)

committer Oleg Broytman <phd@phdru.name>

Tue, 31 Oct 2023 04:46:41 +0000 (07:46 +0300)
author Oleg Broytman <phd@phdru.name>
Mon, 30 Oct 2023 15:03:13 +0000 (18:03 +0300)
committer Oleg Broytman <phd@phdru.name>
Tue, 31 Oct 2023 04:46:41 +0000 (07:46 +0300)
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-kea b/playbooks/roles/logcheck/files/ignore.d/local-kea

new file mode 100644 (file)

index 0000000..2621dab
--- /dev/null
+++ b/playbooks/roles/logcheck/files/ignore.d/local-kea
@@ -0,0 +1,11 @@
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kea-dhcp4: INFO  DHCP4_LEASE_ADVERT
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kea-dhcp4: INFO  DHCP4_LEASE_ALLOC
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kea-dhcp4: INFO  DHCPSRV_MEMFILE_LFC_START starting Lease File Cleanup
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ kea-dhcp4: INFO  DHCPSRV_MEMFILE_LFC_EXECUTE executing Lease File Cleanup
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO  \[DhcpLFC.[0-9]+\] LFC_START Starting lease file cleanup
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO  [DhcpLFC.[0-9]+\] LFC_PROCESSING
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO  [DhcpLFC.dhcpsrv.[0-9]+\] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO  [DhcpLFC.[0-9]+\] LFC_READ_STATS
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO  [DhcpLFC.[0-9]+\] LFC_WRITE_STATS
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO  [DhcpLFC.[0-9]+\] LFC_ROTATING LFC rotating files
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ DhcpLFC: INFO  [DhcpLFC.[0-9]+\] LFC_TERMINATE LFC finished processing
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-named b/playbooks/roles/logcheck/files/ignore.d/local-named

index 96eef6add97935ff5e0fd01472ddb43de8d7ca2c..50c2e6417e666a50e7015c5acfd1eca66e2fa7de 100644 (file)
--- a/playbooks/roles/logcheck/files/ignore.d/local-named
+++ b/playbooks/roles/logcheck/files/ignore.d/local-named
@@ -7,9 +7,10 @@
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: broken trust chain resolving
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: chase DS servers resolving
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5}: message parsing failed
-^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client .*([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} \([._[:alnum:]-]+\): query (\(cache\) )?'.+' denied
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client .*([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} \(.+\): query (\(cache\) )?'.+' denied
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: client 192\.168\.3\.20#[0-9]+ \([._[:alnum:]-]+\): error sending response: host unreachable$
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: clients-per-query (de|in)creased to
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: loop detected resolving
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. acceptance timer complete: key now trusted
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. is now trusted \(acceptance timer complete\)$
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: missing expected cookie
@@ -17,4 +18,5 @@
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: no valid RRSIG resolving '.+/DNSKEY/IN': ([0-9]{1,3}\.){3}[0-9]{1,3}#53
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: resolver priming query complete
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: skipping nameserver '[A-Za-z0-9._-]+' because it is a CNAME, while resolving
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: success resolving
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ named\[[0-9]+\]: validating .+: verify failed due to bad signature \(keyid=[0-9]+\): RRSIG has expired
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh

index c83224594b34be1488478d50da428616f4ea51eb..55e31b7fd1791cb1978a277aa397698072ce1294 100644 (file)
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -35,6 +35,7 @@
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: send_error: write: Connection reset by peer$
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Timeout before authentication
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\]
author	Oleg Broytman <phd@phdru.name>
	Mon, 30 Oct 2023 15:03:13 +0000 (18:03 +0300)
committer	Oleg Broytman <phd@phdru.name>
	Tue, 31 Oct 2023 04:46:41 +0000 (07:46 +0300)
playbooks/roles/logcheck/files/ignore.d/local-kea	[new file with mode: 0644]	patch \| blob
playbooks/roles/logcheck/files/ignore.d/local-named		patch \| blob \| history
playbooks/roles/logcheck/files/ignore.d/local-ssh		patch \| blob \| history