Feat(logcheck): Update `local-named` and `local-ssh` for Debian 11

diff --git a/playbooks/roles/logcheck/files/ignore.d/local-named b/playbooks/roles/logcheck/files/ignore.d/local-named
index 1aa61b65d8f4659baafd8fad9b44563b00fd44e6..d984a951de796bfd04c67e8b7f468d4742ebaee8 100644 (file)
--- a/playbooks/roles/logcheck/files/ignore.d/local-named
+++ b/playbooks/roles/logcheck/files/ignore.d/local-named
@@ -7,6 +7,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: clients-per-query (de|in)creased to
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. acceptance timer complete: key now trusted
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: managed-keys-zone: Key [0-9]+ for zone \. is now trusted \(acceptance timer complete\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: missing expected cookie
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: resolver priming query complete
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: skipping nameserver '[A-Za-z0-9._-]+' because it is a CNAME, while resolving
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: validating .+: verify failed due to bad signature \(keyid=[0-9]+\): RRSIG has expired

diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index d7274132a06f68515c254371a21412c4f9f7018b..ce9a72abc27ae4418d7e7dc873c4cb871e9d78d4 100644 (file)
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -1,3 +1,4 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Protocol major versions differ: 2 vs\. 1$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|bignum is negative) \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad packet length [0-9]+\. \[preauth\]
@@ -14,11 +15,12 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3}
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Protocol major versions differ
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\.
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: banner exchange: Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: invalid format
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: banner exchange: Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (could not read protocol version|invalid format)
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Bad remote protocol version identification:
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect to [^ ]+ port [0-9]+ failed: Network is unreachable$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+ port [0-9]+: failed\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(No address associated with hostname\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(Temporary failure in name resolution\)
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host