From f503454e89f3f3b8a21589906b4d43cd0f73e420 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 13 Nov 2012 21:44:33 +0100
Subject: Fixed logcheck
---
fripost-docs.org | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/fripost-docs.org b/fripost-docs.org
index f89f344..d73b83f 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -150,9 +150,9 @@ sudo aptitude install logcheck syslog-summary ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: TIMEOUT: dns.loopia.se after 120 seconds$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:80 socket: IO::Socket::INET: Bad hostname 'dns.loopia.se'$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:80 socket: IO::Socket::INET: connect: Connection timed out$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:443 socket: IO::Socket::SSL: SSL connect attempt failed because of handshake problemserror:00000000:lib(0):func(0):reason(0) IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:443 socket: IO::Socket::SSL: SSL connect attempt failed with unknown errorerror:00000000:lib(0):func(0):reason(0) IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:443 socket: IO::Socket::SSL: Timeout IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:443 socket: IO::Socket::SSL: SSL connect attempt failed because of handshake problemserror:00000000:lib\(0\):func\(0\):reason\(0\) IO::Socket::INET configuration failederror:00000000:lib\(0\):func\(0\):reason\(0\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:443 socket: IO::Socket::SSL: SSL connect attempt failed with unknown errorerror:00000000:lib\(0\):func\(0\):reason\(0\) IO::Socket::INET configuration failederror:00000000:lib\(0\):func\(0\):reason\(0\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:443 
socket: IO::Socket::SSL: connect: Connection timed out IO::Socket:: INET configuration failederror:00000000:lib\(0\):func\(0\):reason\(0\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: file /var/cache/ddclient/ddclient.cache, line [0-9]+: Invalid Value for keyword 'ip' = ''$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: updating [._[:alnum:]-]+: nochg: No update required; unnecessary attempts to change to the current address are considered abusive$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]{7,15} interface [.0-9]{7,15} -> [.0-9]{7,15}$ 
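Review bot: The third added rule reads `IO::Socket:: INET` with a space after the second `::`, while the two rules above it and the removed line all read `IO::Socket::INET`. If that space is in the file rather than an artefact of how this page wraps the line, the rule will never match what ddclient logs and the timeout warnings will keep showing up in the reports. The same rule replaces the old `IO::Socket::SSL: Timeout` text outright, so it is worth confirming that ddclient no longer emits the `Timeout` form before dropping it. Separately, the dots in `dns.loopia.se` are still unescaped in every rule here and match any character; `dns\.loopia\.se` would keep these ignore rules as narrow as the parenthesis fix intends.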
@@ -161,12 +161,19 @@ sudo aptitude install logcheck syslog-summary ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtpd|cleanup|trivial-rewrite|postmap)\[[0-9]+\]: warning: dict_ldap_open: /etc/postfix/ldap/ldap_virtual_alias_catchall_maps.cf: Fixed query_filter \(\&\(ObjectClass=virtualAliases\)\(mailLocalAddress=\)\(isActive=TRUE\)\) is probably useless$ # | Untrusted connections should be taken care of on the client's side. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: Untrusted TLS connection established from -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [._[:alnum:]-]+\[[0-9.:]+\]: (Unt|T)rusted: subject_CN=.*, issuer=.*, fingerprint= +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [._[:alnum:]-]+\[[:[:xdigit:].]+\]: (Unt|T)rusted: subject_CN=.*, issuer=.*, fingerprint= # | Postfix reload ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postfix-script\[[[:digit:]]+\]: refreshing the Postfix mail system$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/master\[[[:digit:]]+\]: reload -- version # | slapo-constraint ignores slapd's logging configuration ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ slapd\[[[:digit:]]+\]: constraint_update\(\)$ +# | On the MXs only: Servers that don't speak proper (E)SMTP don't deserve to be listened. +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: improper command pipelining after (EHLO|DATA) from [._[:alnum:]-]+\[[:[:xdigit:].]+\]$ +# | On the MXs only: Poorly configured server certificates will be ignored and the connection will back as untrusted. 
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: certificate verification failed for [._[:alnum:]-]+\[[:[:xdigit:].]+\]: not designated for use as a client certificate$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: client certificate verification failed for [._[:alnum:]-]+\[[:[:xdigit:].]+\]: certificate has expired$ +# | On Benjamin +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? usb [[:digit:]]+-[.[:digit:]]+: (new|reset) (low|full|high) speed USB device using ([_[:alnum:]-]+ and )?address [[:digit:]]+$ ** Configuring aptitude and friends @@ -2131,6 +2138,7 @@ Finally, we need a new set of rules for logcheck: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-lists/n?qmgr\[[[:digit:]]+\]: [[:alnum:]]+: message-id=(?)?( \(added by [^[:space:]]+\))?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-lists/n?qmgr\[[[:digit:]]+\]: [[:alnum:]]+: removed$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-lists/n?qmgr\[[[:digit:]]+\]: [[:alnum:]]+: skipped, still being delivered$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-lists/trivial-rewrite\[[[:digit:]]+\]: table cdb:/etc/postfix-lists/(:?mailman|schleuder)/transport\([-,|_[:alnum:]]+\) has changed -- restarting$ (We could use the whole /etc/logcheck/ignore.d.server/postfix, but it's better to stick to the smallest rule set.) -- cgit v1.2.3
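Review bot: The rules commented `On the MXs only` and `On Benjamin` are added to the same list as the host-independent rules, and nothing visible in this hunk restricts them to those machines. On a host that is not an MX, `certificate verification failed` and `improper command pipelining` lines may well be worth seeing in the logcheck report, so these rules are better kept in a separate file installed only where they apply, for example `/etc/logcheck/ignore.d.server/<mx-only-rules>` (placeholder name). The comment above the certificate rules should presumably read `the connection will fall back to untrusted`. The rule list starts and ends outside the hunk.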
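Review bot: `(:?mailman|schleuder)` in the added trivial-rewrite rule looks like a mistyped non-capturing group. As written it means an optional literal colon before `mailman`, which happens to match the path but is not what the pattern appears to say. logcheck applies its rules as egrep-style extended regular expressions, which have no `(?:...)` form, so the plain group `(mailman|schleuder)` is the spelling to use.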