[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server
CVS User madduck
logcheck-devel at lists.alioth.debian.org
Wed Jul 5 21:46:39 UTC 2006
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv12236/rulefiles/linux/ignore.d.server
Modified Files:
kernel
Log Message:
* ignore.d.server/kernel: added rules to ignore martian, ll header, and
icmpv6_send warnings.
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/kernel 2006/07/04 20:57:46 1.6
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/kernel 2006/07/05 21:46:39 1.7
@@ -3,3 +3,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT= MAC=[[:alnum:]:]+ SRC=[.0-9]{7,15} DST=[.0-9]{7,15} LEN=[0-9]+ TOS=0x[0-9]+ PREC=0x[0-9]+ TTL=[0-9]+ ID=[0-9]+ (DF )?PROTO=UDP SPT=[0-9]+ DPT=[0-9]+ LEN=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT= MAC=[[:alnum:]:]+ SRC=[[:alnum:]:]+ DST=[[:alnum:]:]+ LEN=[0-9]+ TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=5353 LEN=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT= MAC=[[:alnum:]:]+ SRC=[[:alnum:]:]+ DST=[[:alnum:]:]+ LEN=[0-9]+ TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=49342 DPT=5353 LEN=[0-9]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: ll header: [:[:xdigit:]]+
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: martian source 255\.255\.255\.255 from [.[:digit:]]{7,15} on dev [[:alnum:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: icmpv6_send: no reply to icmp error$
More information about the Logcheck-commits
mailing list