adjust patterns after sysupgrade

[ansible.git] / roles / journalwatch / templates / patterns

diff --git a/roles/journalwatch/templates/patterns b/roles/journalwatch/templates/patterns
index c08b64e799607d526fe0c85b37211ae04f859e03..55be0dbb5a4c55dff392f83541ab7fa4aadbe2bb 100644 (file)
--- a/roles/journalwatch/templates/patterns
+++ b/roles/journalwatch/templates/patterns
@@ -56,31 +56,43 @@ Failed to set devices.allow on /system.slice/[a-z-]+.service: Operation not perm
 {% endif %}
 
 SYSLOG_IDENTIFIER = sudo
 {% endif %}
 
 SYSLOG_IDENTIFIER = sudo

-\s*[_\w.-]+ : TTY=(unknown|console|(pts/|ttyp?|vc/)\d+) ; PWD=[^;]+ ; USER=[._\w-]+ ; COMMAND=.*
+\s*[._\w-]+ : (TTY=(unknown|console|(pts/|ttyp?|vc/)\d+) ; )?PWD=[^;]+ ; USER=[._\w-]+ ; COMMAND=.*
+
+SYSLOG_IDENTIFIER = su
+\(to [._\w-]+\) [._\w-]+ on none

 
 _SYSTEMD_UNIT = postfix@-.service
 
 _SYSTEMD_UNIT = postfix@-.service

-warning: hostname [^\s]+ does not resolve to address [\da-fA-F.:]+(: Name or service not known)?
+warning: hostname [\w._-]+ does not resolve to address [\da-fA-F.:]+(: .*)?

 warning: [._\w-]+\[[\da-fA-F.:]+\]: SASL (LOGIN|PLAIN) authentication failed:.*
 warning: [._\w-]+\[[\da-fA-F.:]+\]: SASL (LOGIN|PLAIN) authentication failed:.*

-warning: non-SMTP command from \w+\[[\da-fA-F.:]+\]: .*
+warning: non-SMTP command from [._\w-]+\[[\da-fA-F.:]+\]: .*

 warning: TLS library problem: error:[0-9A-F]+:SSL routines:\w+:(no shared cipher|decryption failed or bad record mac|unknown protocol|version too low):[\w./]+:\d+:
 warning: TLS library problem: error:[0-9A-F]+:SSL routines:\w+:(no shared cipher|decryption failed or bad record mac|unknown protocol|version too low):[\w./]+:\d+:

+warning: dnsblog reply timeout \d+s for .*
+warning: dnsblog_query: lookup error for DNS query .*: Host or domain name not found. Name service error .*
+warning: ciphertext read/write timeout for \[[\da-fA-F.:]+\]:\d+

 {% if journalwatch is defined and journalwatch.postfix_slow | default(False) %}
 warning: psc_cache_update: btree:/var/lib/postfix/[a-z_]+ (update|lookup) average delay is \d\d\d ms
 {% endif %}
 {% if journalwatch is defined and journalwatch.strato_broken | default(False) %}
 warning: dnsblog reply timeout [0-9]+s for [\w._-]+
 {% if journalwatch is defined and journalwatch.postfix_slow | default(False) %}
 warning: psc_cache_update: btree:/var/lib/postfix/[a-z_]+ (update|lookup) average delay is \d\d\d ms
 {% endif %}
 {% if journalwatch is defined and journalwatch.strato_broken | default(False) %}
 warning: dnsblog reply timeout [0-9]+s for [\w._-]+

+warning: dnsblog_query: lookup error for DNS query .*

 {% endif %}
 
 _SYSTEMD_UNIT = dovecot.service
 auth: Warning: auth client \d+ disconnected with \d+ pending requests: (EOF|Connection reset by peer)
 {% endif %}
 
 _SYSTEMD_UNIT = dovecot.service
 auth: Warning: auth client \d+ disconnected with \d+ pending requests: (EOF|Connection reset by peer)

+auth: Warning: Event 0x[\da-fA-F]+ leaked \(parent=\(nil\)\): auth-client-connection.c:\d+

 
 SYSLOG_IDENTIFIER = sshd
 error: Received disconnect from [\da-fA-F.:]+ port \d+:\d+: .*
 error: maximum authentication attempts exceeded for (invalid user \w*|\w+) from [\da-fA-F.:]+ port \d+ ssh2 \[preauth\]
 fatal: ssh_packet_get_string: string is too large \[preauth\]
 
 SYSLOG_IDENTIFIER = sshd
 error: Received disconnect from [\da-fA-F.:]+ port \d+:\d+: .*
 error: maximum authentication attempts exceeded for (invalid user \w*|\w+) from [\da-fA-F.:]+ port \d+ ssh2 \[preauth\]
 fatal: ssh_packet_get_string: string is too large \[preauth\]

+error: kex_exchange_identification: Connection closed by remote host

 
 _SYSTEMD_UNIT = bind9.service
 
 _SYSTEMD_UNIT = bind9.service

-client [\da-fA-F.:]+#\d+( \([\w.-]+\))?: (zone transfer '[\w.-]+/AXFR/IN' denied|message parsing failed: (bad compression pointer|bad label type|unexpected end of input))
+client (@0x[a-f0-9]+ )?[\da-fA-F.:]+#\d+( \([\w.-]+\))?: (zone transfer '[\w.-]+/AXFR/IN' denied|message parsing failed: (bad compression pointer|bad label type|unexpected end of input))

 
 _SYSTEMD_UNIT = opendkim.service
 [A-Z0-9]+: (bad signature data|failed to parse [Aa]uthentication-[Rr]esults: header field)
 [A-Z0-9]+: key retrieval failed \(s=[\w._-]+, d=[\w._-]+\)(: '[\w._-]+' record not found)?
 
 _SYSTEMD_UNIT = opendkim.service
 [A-Z0-9]+: (bad signature data|failed to parse [Aa]uthentication-[Rr]esults: header field)
 [A-Z0-9]+: key retrieval failed \(s=[\w._-]+, d=[\w._-]+\)(: '[\w._-]+' record not found)?

+
+_SYSTEMD_SLICE=system-openvpn.slice
+(client/)?[0-9a-f.:]+ (peer info: .*|VERIFY OK: .*|Outgoing Data Channel: .*|Incoming Data Channel: .*|Control Channel: .*|TLS: .*|\[client\] .*|MULTI(_sva)?: .*|SIGUSR1.*|PUSH: .*|SENT CONTROL \[client\]: .*|WARNING: '(tun|link)-mtu' is used inconsistently, local='(tun|link)-mtu \d+', remote='(tun|link)-mtu \d+')