[Logcheck-commits] martin f. krafft: ignore.d.server/proftpd: ignore when proftpd barfs all over syslog when a passive transfer failed.

Martin F. Krafft madduck at alioth.debian.org
Sun Aug 31 19:24:20 UTC 2008


Module: logcheck
Branch: master
Commit: 4ee0b5ea159d75a7646aeb0ca570cf27213b739b
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=4ee0b5ea159d75a7646aeb0ca570cf27213b739b

Author: martin f. krafft <madduck at debian.org>
Date:   Sun Aug 31 19:16:04 2008 +0100

ignore.d.server/proftpd: ignore when proftpd barfs all over syslog when a passive transfer failed.

---

 debian/changelog                        |    3 +++
 rulefiles/linux/ignore.d.server/proftpd |    3 +++
 2 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index a96ad83..cc1b55c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -50,6 +50,9 @@ logcheck (1.3) unstable; urgency=low
     - ignore restarts due to fatal TLS errors.
     - ignore replay-window backtrack warnings.
     - ignore connection reset messages with negative status (?) numbers.
+  * ignore.d.server/proftpd:
+    - ignore when proftpd barfs all over syslog when a passive transfer
+      failed.
 
   * Rulefiles are now installed with mode 644; the directories are still moe
     700, so the files are not publicly readable (unless the admin hardlinks
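
Review bot: The added changelog entry under ignore.d.server/proftpd does not identify which messages are now suppressed; "barfs all over syslog" gives an admin reading the changelog no string to search for. Suggest naming the first line of the notice, for example: - ignore the three-line "Passive data transfer failed, possibly due to network issues" notice.
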
diff --git a/rulefiles/linux/ignore.d.server/proftpd b/rulefiles/linux/ignore.d.server/proftpd
index 94a74fa..ee1efba 100644
--- a/rulefiles/linux/ignore.d.server/proftpd
+++ b/rulefiles/linux/ignore.d.server/proftpd
@@ -18,3 +18,6 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Connection from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] denied\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) PAM\([-_.[:alnum:]]+\): Authentication failure\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) SECURITY VIOLATION: root login attempted\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Passive data transfer failed, possibly due to network issues$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Check your PassivePorts and MasqueradeAddress settings,$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) and any router, NAT, and firewall rules in the network path\.$
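
Review bot: The three added patterns are matched one syslog line at a time, so the second and third ("Check your PassivePorts and MasqueradeAddress settings," and "and any router, NAT, and firewall rules in the network path\.") are dropped from reports even when they arrive without the first. A comment above the group stating that these are the three lines of a single proftpd notice would make that intent clear to the next editor of this file. Also check the line endings against real proftpd output: the first pattern ends in "network issues$" with no trailing period while the third ends in "path\.$", and a pattern that is off by one character simply never matches. Since this lands in ignore.d.server next to the authentication-failure rules, note too that a sustained run of passive-transfer failures points to a PassivePorts, NAT or firewall misconfiguration that will no longer show up in the logcheck report.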



