summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/common/files/etc/logcheck/ignore.d.server/common-local (renamed from roles/common/files/etc/logcheck/ignore.d.server/common.local)1
-rw-r--r--roles/common/files/etc/logcheck/ignore.d.server/dovecot-local7
-rw-r--r--roles/common/files/etc/logcheck/ignore.d.server/postfix-local12
-rw-r--r--roles/common/tasks/logging.yml4
4 files changed, 22 insertions, 2 deletions
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/common.local b/roles/common/files/etc/logcheck/ignore.d.server/common-local
index 331edeb..bf96658 100644
--- a/roles/common/files/etc/logcheck/ignore.d.server/common.local
+++ b/roles/common/files/etc/logcheck/ignore.d.server/common-local
@@ -2,7 +2,6 @@
# Do NOT edit this file directly!
#
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [^[:space:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/master\[[[:digit:]]+\]: reload -- version
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ (; ENV=([_a-zA-Z]+=\S* )+)?; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit )
# Ansible logs everything into syslog
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ansible-([a-z]+|<stdin>): Invoked with
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local b/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local
new file mode 100644
index 0000000..85f2f2f
--- /dev/null
+++ b/roles/common/files/etc/logcheck/ignore.d.server/dovecot-local
@@ -0,0 +1,7 @@
+# Ansible Managed
+# Do NOT edit this file directly!
+#
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\(.+\): Disconnected(: Logged out| for inactivity|: Disconnected in [[:upper:]]+|: Too many invalid IMAP commands\.)?( in=[[:digit:]]+ out=[[:digit:]]+)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, mpid=[0-9]+(, (TLS|secured), session=<[^>]+>)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \(auth failed, [[:digit:]]+ attempts in [[:digit:]]+ secs\))?: (user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, TLS, session=<[^>]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts in [[:digit:]]+ secs\):( user=<>,)?|\(auth failed, [[:digit:]]+ attempts in [[:digit:]]+ secs\): user=<[-_.@[:alnum:]]+>, method=PLAIN,|\(aborted authentication\): method=PLAIN,) rip=[.[:digit:]]+, lip=[.[:digit:]]+, (TLS|SSL|secured)(( handshaking)?(: Disconnected)?|: SSL_read\(\) syscall failed: Connection reset by peer)?, session=<[^>]+>$
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
new file mode 100644
index 0000000..deffa6b
--- /dev/null
+++ b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
@@ -0,0 +1,12 @@
+# Ansible Managed
+# Do NOT edit this file directly!
+#
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/postfix-script\[[[:digit:]]+\]: refreshing the Postfix mail system$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/master[[[:digit:]]+]: reload -- version [.[:digit:]]+, configuration /etc/postfix
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/smtpd\[[[:digit:]]+\]: (dis)?connect from [^[:space:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/[ls]mtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=[._[:alnum:]-]+\[[[:digit:].]{7,15}\](:[[:digit:]]{1,5})?, (conn_use=[[:digit:]]+, )?delay=[.[:digit:]]+(, delays=([.[:digit:]]+/){3}[.[:digit:]]+)?(, dsn=2(\.[[:digit:]]+){2})?, status=sent \(2[[:digit:]][[:digit:]] .+\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/anvil\[[[:digit:]]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):([.:[:xdigit:]]+|unknown)\) at \w{3} [ :[:digit:]]{11}$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/anvil\[[[:digit:]]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :[:digit:]]{11}$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[[:xdigit:].:]{3,39}\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-|)message-id=<?[^>]+>?( \(added by [^[:space:]]+\))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(-\w+)?/qmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ \(queue active\)$
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
index d25a75e..472bb3b 100644
--- a/roles/common/tasks/logging.yml
+++ b/roles/common/tasks/logging.yml
@@ -19,7 +19,9 @@
mode=0640
with_items:
- logcheck.conf
- - ignore.d.server/common.local
+ - ignore.d.server/common-local
+ - ignore.d.server/dovecot-local
+ - ignore.d.server/postfix-local
- violations.ignore.d/logcheck-sudo
- name: Minimal logging policy (1)