[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server
CVS User maks-guest
logcheck-devel at lists.alioth.debian.org
Wed May 24 21:44:59 UTC 2006
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv2632/rulefiles/linux/ignore.d.server
Modified Files:
dovecot nagios ntp proftpd rsnapshot rsync squid stunnel
Added Files:
sympa
Log Message:
add impressive sync to weasel's ruleset,
more to come.
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/dovecot 2005/11/18 01:14:36 1.9
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/dovecot 2006/05/24 21:44:59 1.10
@@ -3,3 +3,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)\([^[:space:]]+\): File isn't in mbox format: [^[:space:]]+$
# dovecot 1.0
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: user=<[.[:alnum:]@-]+>, method=(PLAIN|plain|LOGIN|login|(CRAM|cram|DIGEST|digest)-(MD5|md5)), rip=(::ffff:)?[:.[:digit:]]+, lip=(::ffff:)?[:0-9a-f.]+(, TLS)?$
+^\w{3} [ :0-9]{11} thetis imap-login: Aborted login \[(::ffff:)?[:0-9a-f.]+]$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/nagios 2005/10/15 19:11:06 1.17
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/nagios 2006/05/24 21:44:59 1.18
@@ -1,9 +1,10 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Auto-save of retention data completed successfully\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: LOG ROTATION: (DAILY|WEEKLY|MONTHLY)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Nagios 1\.1 starting\.\.\. \(PID=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Nagios 1\.[0-9] starting\.\.\. \(PID=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Caught SIGHUP, restarting\.\.\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE ALERT: [._[:alnum:]-]+;[^;]+;(CRITICAL|WARNING|OK|UNKNOWN);(SOFT|HARD);.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;[^;]+;(ACKNOWLEDGEMENT \()?(CRITICAL|WARNING|OK|UNKNOWN)(\))?;.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE FLAPPING ALERT: [._[:alnum:]-]+;[^;]+;STOPPED; Service appears to have stopped flapping \([.[:digit:]]+% change < [.[:digit:]]+% threshold\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE FLAPPING ALERT: [._[:alnum:]-]+;[._[:alnum:]-]+;(STARTED|STOPPED); Service appears to have (started|stopped) flapping \([0-9.]+% change [<>] [.[:digit:]]+% threshold\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST ALERT: [._[:alnum:]-]+;(DOWN|UP|UNREACHABLE);(SOFT|HARD);.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;(DOWN|UP|UNREACHABLE);.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: HOST DOWNTIME ALERT: [._[:alnum:]-]+;(STARTED|STOPPED);.*$
@@ -13,5 +14,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: EXTERNAL COMMAND: (ADD_SVC_COMMENT|ACKNOWLEDGE_SVC_PROBLEM);[._[:alnum:]-]+;[[:alnum:]]+;[0-9]+;([[:alnum:]]+;)?.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: EXTERNAL COMMAND: SCHEDULE_HOST_DOWNTIME;[._[:alnum:]-]+;[0-9;]+;[[:alnum:]]+;.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Warning: The results of service '[ [:alnum:][:punct:]]+' on host '[._[:alnum:]-]+' are stale by [[:digit:]]+ seconds \(threshold=[[:digit:]]+ seconds\). I'm forcing an immediate check of the service\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: SERVICE ALERT: [[:alnum:]]+;PING;(WARNING|OK).*$
# nrpe
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nrpe\[[0-9]+\]: Error: Could not complete SSL handshake. 5$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ntp 2006/03/18 17:43:18 1.10
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ntp 2006/05/24 21:44:59 1.11
@@ -8,3 +8,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: peer ([.0-9]{7,15}|[0-9a-fA-F:.]{4,39}) now (in)?valid$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjusting local clock by -?[.0-9]+s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjust time server -?[.0-9]+ offset$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: too many recvbufs allocated \([0-9]+\)$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/proftpd 2005/10/15 14:18:11 1.7
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/proftpd 2006/05/24 21:44:59 1.8
@@ -2,3 +2,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([.:_[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )USER [._[:alnum:]-]+: Login successful\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([.:_[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) - ANON (anonymous|ftp): Login successful.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) - mod_delay/[0-9.]+: delaying for [0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) - FTP no transfer timeout, disconnected$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/rsnapshot 2004/11/13 11:29:19 1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/rsnapshot 2006/05/24 21:44:59 1.3
@@ -1 +1,3 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsnapshot\[[0-9]+\]: /usr/bin/rsnapshot( -c [^ ]*)? (hourly|semidaily|daily|weekly|monthly): completed successfully$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsnapshot\[[0-9]+\]: WARNING: /usr/bin/rsnapshot: (hourly|semidaily|daily|weekly|monthly): completed, but with some warnings$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsnapshot\[[0-9]+\]: WARNING: Some files and/or directories in root@[._[:alnum:]:/-]+ vanished during rsync operation$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/rsync 2005/05/12 12:48:52 1.4
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/rsync 2006/05/24 21:44:59 1.5
@@ -4,3 +4,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: rsync error: some files could not be transferred \(code 23\) at main.c\([0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: unknown module 'pub' tried from [._[:alnum:]-]+ \([0-9.]{7,15}\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: rsync error: received SIGUSR1 or SIGINT \(code 20\) at rsync.c\([0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: rsync error: error in rsync protocol data stream \(code 12\) at io.c\([0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: rsync: read error: Connection reset by peer \(104\)$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/squid 2005/05/30 16:08:12 1.8
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/squid 2006/05/24 21:44:59 1.9
@@ -54,3 +54,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: ctx: exit level 0$
# squidguard
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ 'squidGuard' processes$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: CACHEMGR: <unknown>@127.0.0.1 requesting 'storedir'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: CACHEMGR: <unknown>@127.0.0.1 requesting 'counters'$
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/stunnel 2004/11/13 11:29:19 1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/stunnel 2006/05/24 21:44:59 1.3
@@ -1,3 +1,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: SSL_read .*: Connection reset by peer$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: .* connected from .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[.*\]: VERIFY OK: depth=[0-9]+, .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: VERIFY OK: depth=[0-9]+, .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: Received signal 15; terminating$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: stunnel [0-9.]+ on i386-pc-linux-gnu PTHREAD\+POLL\+IPv6\+LIBWRAP with OpenSSL [0-9a-z.]+ [0-9]{2} \w{3} [0-9]{4}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: [0-9]+ clients allowed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: SSL_accept: Peer suddenly disconnected$
More information about the Logcheck-commits
mailing list