[Logcheck-commits] martin f. krafft: ignore connection reset messages with negative status (?) numbers.
Martin F. Krafft
madduck at alioth.debian.org
Sun Aug 31 19:24:19 UTC 2008
Module: logcheck
Branch: master
Commit: a13272b59f484d67fc4e1eb10647734cc6f6db86
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=a13272b59f484d67fc4e1eb10647734cc6f6db86
Author: martin f. krafft <madduck at debian.org>
Date: Sun Aug 31 19:05:21 2008 +0100
ignore connection reset messages with negative status (?) numbers.
---
debian/changelog | 1 +
rulefiles/linux/ignore.d.server/openvpn | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index a4557d7..b165578 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -46,6 +46,7 @@ logcheck (1.3) unstable; urgency=low
connections.
- ignore restarts due to fatal TLS errors.
- ignore replay-window backtrack warnings.
+ - ignore connection reset messages with negative status (?) numbers.
* Rulefiles are now installed with mode 644; the directories are still moe
700, so the files are not publicly readable (unless the admin hardlinks
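Review bot: The added changelog entry keeps the "(?)" after "status", so it records that the meaning of the bracketed number is still unconfirmed. Because this entry documents a rule that suppresses log lines from reports, it is worth confirming what the number in "restarting [N]" represents and when it is negative. After that, either drop the "(?)" or word the entry neutrally, for example "ignore connection reset messages with negative numbers in brackets".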
diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn
index a6611be..a036b6f 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -38,7 +38,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? (Local|Expected Remote) Options hash \(VER=V[34]\): '[[:xdigit:]]+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? (PUSH: Received control message|SENT CONTROL \[[-_.[:alnum:]]+\]): 'PUSH_REPLY(,redirect-gateway)?(,route [.[:digit:]]{7,15}( [.[:digit:]]{7,15})?)*,ping [[:digit:]]+,ping-restart [[:digit:]]+,ifconfig [.[:digit:]]{7,15} [.[:digit:]]{7,15}'( \(status=[[:digit:]]+\))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? (PUSH: Received control message|SENT CONTROL \[[-_.[:alnum:]]+\]): 'PUSH_REQUEST'( \(status=[[:digit:]]+\))?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Connection reset, restarting \[[[:digit:]]+\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Connection reset, restarting \[[-[:digit:]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Control Channel: TLSv1, cipher TLSv1/SSLv3 [[:alnum:]-]+, [[:digit:]]+ bit RSA$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Data Channel (En|De)crypt: Cipher '[[:alnum:]-]+' initialized with [[:digit:]]+ bit key$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Data Channel (En|De)crypt: Using [[:digit:]]+ bit message hash '[[:alnum:]-]+' for HMAC authentication$
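Review bot: In the changed "Connection reset, restarting" rule, the bracket expression `[-[:digit:]]+` accepts a hyphen at any position and any number of times, so it also matches values such as `[-]`, `[--]` or `[1-2]`, not only a signed integer. For an ignore rule the pattern should be no wider than the message it is meant to hide: `\[-?[[:digit:]]+\]` keeps the existing positive case and adds only a single optional leading minus.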