[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server

CVS User maks-guest logcheck-devel@lists.alioth.debian.org
Fri, 14 May 2004 06:14:12 -0600


Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv29987/rulefiles/linux/ignore.d.server

Modified Files:
	postfix ssh 
Added Files:
	bind rpc_statd 
Log Message:

new rules from weasel at #debian.de.
nice stuff for workstation and small enhancement for server.


--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/postfix	2004/05/13 18:32:42	1.8
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/postfix	2004/05/14 12:14:12	1.9
@@ -1,7 +1,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/nqmgr\[[0-9]+\]: [[:alnum:]]+: skipped, still being delivered$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/nqmgr\[[0-9]+\]: [[:alnum:]]+: from=<.*>, status=expired, returned to sender$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/nqmgr\[[0-9]+\]: [[:alnum:]]+: message-id=<.*>( \(.*\))?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: message-id=<.*>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: message-id=<.*>( \(.*\))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: verify error:num=10:certificate has expired$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(smtp|smtpd)\[[0-9]+\]: verify error:num=27:certificate not trusted$
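Review bot: the changed postfix/cleanup rule ends in `message-id=<.*>( \(.*\))?$`, where both `.*` runs are unbounded and the Message-ID is text chosen by the sending side, so the rule ignores any tail after `message-id=<` that happens to end in `>` or `)`. Bringing cleanup in line with the nqmgr rule two lines above it is reasonable, but I would tighten both to something like `message-id=<[^>]*>( \([^)]*\))?$` so the ignore pattern covers only the shape it is meant to cover; an odd line that no longer matches is then reported, which is the safe direction for an ignore file.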
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh	2004/04/21 23:43:01	1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh	2004/05/14 12:14:12	1.3
@@ -1,4 +1,5 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi|rsa|dsa|password|publickey|keyboard-interactive/pam) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+ (ssh|ssh2)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_unix\) session opened for user root by root\(uid=0\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Server listening on [.0-9]+ port 22\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$
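Review bot: the added sshd rule suppresses `(pam_unix) session opened for user root by root(uid=0)` at server level, and the `Accepted ... for [^[:space:]]+` rule directly above it is already ignored for every user, so after this change a root login over SSH leaves nothing in the report from either line. The pattern is also hard-coded to root, so session-open lines for ordinary users are still reported while the privileged one is silenced, which looks inverted. I would either drop this line from ignore.d.server and keep it for the workstation rules the log message mentions, or state in the commit message why root sessions are considered noise on servers.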