From fce2bc14460fd806d1baf08acbb71b85ed06ac0b Mon Sep 17 00:00:00 2001 From: Oleg Broytman Date: Wed, 8 Jan 2020 03:16:07 +0300 Subject: [PATCH] Feat(logcheck): Update ignore pattern in `local-ssh` --- playbooks/roles/logcheck/files/ignore.d/local-ssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh index 83febb3..fb95260 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-ssh +++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh @@ -7,7 +7,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures|Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn)?) \[preauth\] +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures|Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*)?) \[preauth\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ -- 2.39.2