[Logcheck-commits] r1536 - in logcheck/trunk: debian
rulefiles/linux/ignore.d.server
madduck at users.alioth.debian.org
madduck at users.alioth.debian.org
Sat May 5 10:58:37 UTC 2007
Author: madduck
Date: 2007-05-05 10:58:35 +0000 (Sat, 05 May 2007)
New Revision: 1536
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
Log:
* ignore.d.server/dovecot:
- ignore additional, non-conventional comment to msgid on deliver message.
- Postfix 2.4.0 now logs as error some of the deferral messages
formerly logged as qmgr.
- Fix typo in "while performing the HELO handshake" message.
- Ignore qmgr message expiration messages.
* ignore.d.server/ssh:
- also ignore backslashes in invalid/illegal user names.
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2007-05-02 18:24:32 UTC (rev 1535)
+++ logcheck/trunk/debian/changelog 2007-05-05 10:58:35 UTC (rev 1536)
@@ -1,6 +1,9 @@
-logcheck (1.2.56~unreleased.2) unstable; urgency=low
+logcheck (1.2.56) unstable; urgency=low
[ martin f. krafft ]
+ * ignore.d.server/dovecot:
+ - ignore additional, non-conventional comment to msgid on deliver message.
+
* ignore.d.server/openvpn:
- ignore messages related to tls-verify script.
- hide informational messages related to UDP.
@@ -14,22 +17,6 @@
Thanks Michael Shuler.
[ Russ Allbery ]
- * ignore.d.server/postfix:
- - Postfix 2.4.0 now logs as error some of the deferral messages
- formerly logged as qmgr.
- - Fix typo in "while performing the HELO handshake" message.
- * violations.ignore.d/logcheck-postfix:
- - Ignore qmgr message expiration messages.
-
- -- martin f. krafft <madduck at debian.org> Thu, 05 Apr 2007 21:29:23 +0200
-
-logcheck (1.2.56~unreleased.1) unstable; urgency=low
-
- [ martin f. krafft ]
- * ignore.d.server/dovecot:
- - ignore additional, non-conventional comment to msgid on deliver message.
-
- [ Russ Allbery ]
* ignore.d.server/postfix: (closes: #404852)
- ignore more timeout and connection refused messages.
- allow more logging information in connection failure messages.
@@ -37,18 +24,26 @@
- make the DSN optional in remote accept messages.
- ignore numeric hostname and DNS lookup failures.
- ignore invalid octet count errors from trivial-rewrite.
+ - Postfix 2.4.0 now logs as error some of the deferral messages
+ formerly logged as qmgr.
+ - Fix typo in "while performing the HELO handshake" message.
* violations.ignore.d/logcheck-postfix:
- smtpd_peer_init is optional before DNS failure messages.
- allow conn_use information in smtp failure messages.
- add another variation on remote message acceptance.
- allow more message IDs in cleanup log messages.
+ - Ignore qmgr message expiration messages.
* violations.ignore.d/logcheck-ssh:
- ignore host/address mismatch messages from TCP wrappers.
- -- martin f. krafft <madduck at debian.org> Wed, 28 Feb 2007 21:14:44 +0100
+ [ martin f. krafft ]
+ * ignore.d.server/ssh:
+ - also ignore backslashes in invalid/illegal user names.
+ -- martin f. krafft <madduck at debian.org> Sat, 05 May 2007 12:57:48 +0200
+
logcheck (1.2.55) unstable; urgency=low
* Actually install README.backports.gz to /usr/share/doc/logcheck
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2007-05-02 18:24:32 UTC (rev 1535)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2007-05-05 10:58:35 UTC (rev 1536)
@@ -14,8 +14,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Could not get shadow information for NOUSER$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-'"@<!>_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-'"@<!>._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-\'"@<!>_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-\'"@<!>._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
More information about the Logcheck-commits
mailing list