[Logcheck-commits] [logcheck] 01/01: i.d.w/wpasupplicant: adjust/extend multiple rules

Hannes von Haugwitz hvhaugwitz at moszumanska.debian.org
Sun Jan 22 18:40:40 UTC 2017


This is an automated email from the git hooks/post-receive script.

hvhaugwitz pushed a commit to branch master
in repository logcheck.

commit 68e5921c8797b89d2d5f1500e2bb7aba4f02935d
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Sun Jan 22 19:36:24 2017 +0100

    i.d.w/wpasupplicant: adjust/extend multiple rules
---
 debian/changelog                                   |  9 ++++++++
 rulefiles/linux/ignore.d.workstation/wpasupplicant | 24 ++++++++++++----------
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 0b3ae28..c0c049b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -20,6 +20,15 @@ logcheck (1.3.18) UNRELEASED; urgency=medium
     - allow '.' and '_' in username (closes: #780441)
   * ignore.d.server/rsync:
     - allow comma as thousands separator (LP: #1476199)
+  * ignore.d.workstation/wpasupplicant:
+    - adjust CTRL-EVENT-CONNECTED rule
+    - add another CTRL-EVENT-DISCONNECTED rule
+    - adjust multiple rules to match added interface name
+    - allow '.' in SSID
+    - match 'SME: ' prefix in 'Trying to associate' message
+    - match 'freq=', 'address=' and 'uuid=' wpa_action messages
+    - match CTRL-EVENT-SUBNET-STATUS-UPDATE message
+    - match predictable network interface names
   * debian/control:
     - add alternate dependency on cron-daemon, thanks to Felix Zielcke for the
       patch (closes: #786815)
diff --git a/rulefiles/linux/ignore.d.workstation/wpasupplicant b/rulefiles/linux/ignore.d.workstation/wpasupplicant
index 9dff6a7..ea0c47e 100644
--- a/rulefiles/linux/ignore.d.workstation/wpasupplicant
+++ b/rulefiles/linux/ignore.d.workstation/wpasupplicant
@@ -1,21 +1,23 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: Trying to (authenticate|associate) with ([0-9a-f]{2}:){5}[0-9a-f]{2} \(SSID='[[:alnum:]-]+' freq=(24([1-6][27]|72|84)|5(2[046]|3[02]|5[068]|6[68]|70)0) MHz\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: Associated with ([0-9a-f]{2}:){5}[0-9a-f]{2}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: (wlan[0-9]: )?WPA: Group rekeying completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[GTK=(CCMP|TKIP)\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: WPA: Key negotiation completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[PTK=(CCMP|TKIP) GTK=(CCMP|TKIP)\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-CONNECTED - Connection to ([0-9a-f]{2}:){5}[0-9a-f]{2} completed \((re)?auth\) \[id=[0-9]+ id_str=[_[:alnum:]]*\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?(SME: )?Trying to (authenticate|associate) with ([0-9a-f]{2}:){5}[0-9a-f]{2} \(SSID='[.[:alnum:]-]+' freq=(24([1-6][27]|72|84)|5(2[046]|3[02]|5[068]|6[68]|70)0) MHz\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?Associated with ([0-9a-f]{2}:){5}[0-9a-f]{2}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?WPA: Group rekeying completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[GTK=(CCMP|TKIP)\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?WPA: Key negotiation completed with ([0-9a-f]{2}:){5}[0-9a-f]{2} \[PTK=(CCMP|TKIP) GTK=(CCMP|TKIP)\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-CONNECTED - Connection to ([0-9a-f]{2}:){5}[0-9a-f]{2} completed (\((re)?auth\) )?\[id=[0-9]+ id_str=[_[:alnum:]]*\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-SUBNET-STATUS-UPDATE status=0$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-SCAN-(STARTED|RESULTS)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: EAP-MSCHAPV2: Authentication succeeded$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: WPS-AP-AVAILABLE$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (bssid=([0-9a-f]{2}:){5}[0-9a-f]{2}|ssid=[[:alnum:]-]+|id=[0-9]+|id_str=[_[:alnum:]]*)$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (WPA_IFACE=wlan[0-9] WPA_ACTION=CONNECTED|WPA_ID=[0-9]+ WPA_ID_STR=[_[:alnum:]]* WPA_CTRL_DIR=/var/run/wpa_supplicant)$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (bssid=([0-9a-f]{2}:){5}[0-9a-f]{2}|ssid=[.[:alnum:]-]+|id=[0-9]+|id_str=[_[:alnum:]]*|freq=(24([1-6][27]|72|84)|5(2[046]|3[02]|5[068]|6[68]|70)0)|address=([0-9a-f]{2}:){5}[0-9a-f]{2}|uuid=[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (WPA_IFACE=(wlan[0-9]|wlp[0-9]s[0-9]) WPA_ACTION=CONNECTED|WPA_ID=[0-9]+ WPA_ID_STR=[_[:alnum:]]* WPA_CTRL_DIR=/var/run/wpa_supplicant)$
 ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (pairwise_cipher=(TKIP|CCMP)|group_cipher=(TKIP|CCMP)|key_mgmt=WPA2?(-PSK|/IEEE 802.1X/EAP)|wpa_state=COMPLETED)$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: ifup wlan[0-9]=[_[:alnum:]]*$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (creating|removing) sendsigs omission pidfile: /(run|lib/init/rw)/sendsigs\.omit\.d/wpasupplicant\.wpa_supplicant\.wlan[0-9]\.pid$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: ifup (wlan[0-9]|wlp[0-9]s[0-9])=[_[:alnum:]]*$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (creating|removing) sendsigs omission pidfile: /(run|lib/init/rw)/sendsigs\.omit\.d/wpasupplicant\.wpa_supplicant\.(wlan[0-9]|wlp[0-9]s[0-9])\.pid$
 ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: (Supplicant PAE state=AUTHENTICATED|suppPortStatus=Authorized|EAP state=SUCCESS|selectedMethod=25 \(EAP-PEAP\)|EAP TLS cipher=DHE-RSA-AES256-SHA|EAP-PEAPv0 Phase2 method=MSCHAPV2)$
 ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: ip_address=(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: WPA_IFACE=wlan[0-9] WPA_ACTION=DISCONNECTED$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: WPA_IFACE=(wlan[0-9]|wlp[0-9]s[0-9]) WPA_ACTION=DISCONNECTED$
 ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: mode=station$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: ifdown wlan[0-9]$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_action: ifdown (wlan[0-9]|wlp[0-9]s[0-9])$
 ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-DISCONNECTED bssid=([0-9a-f]{2}:){5}[0-9a-f]{2} reason=[0-9] locally_generated=1$
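Review bot: The interface alternative `wlp[0-9]s[0-9]` used throughout this hunk accepts only one digit for the bus and one for the slot, so a predictable name such as `wlp12s0` would not match and its lines would keep appearing in reports. `(wlan[0-9]+|wlp[0-9]+s[0-9]+)` would cover multi-digit names without opening the class to arbitrary text. The miss fails towards reporting rather than suppression, so it costs noise, not a lost alert. The optional interface prefix is also missing from the unchanged CTRL-EVENT-SCAN, CTRL-EVENT-EAP, EAP-MSCHAPV2, EAP-TLV, WPS-AP-AVAILABLE and older CTRL-EVENT-DISCONNECTED rules; if wpa_supplicant prefixes those messages too (not visible here), they need the same `((wlan[0-9]|wlp[0-9]s[0-9]): )?` group. The new CTRL-EVENT-DISCONNECTED rule requires `locally_generated=1` and a single-digit `reason=`, which appears to keep disconnects not initiated by the local station in the report; a `#` comment line above it saying so would discourage a later edit from making that field optional.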

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git


