X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/97457a5d183b5d02de58fff3e267a3baef446f08..d337571c2e21c7b410f5383233b388581817afe6:/roles/journalwatch/files/patterns?ds=sidebyside diff --git a/roles/journalwatch/files/patterns b/roles/journalwatch/files/patterns index 8f2b9f7..dd3b2d4 100644 --- a/roles/journalwatch/files/patterns +++ b/roles/journalwatch/files/patterns @@ -53,17 +53,21 @@ SYSLOG_IDENTIFIER = sudo _SYSTEMD_UNIT = postfix@-.service warning: hostname [^\s]+ does not resolve to address [\da-fA-F.:]+(: Name or service not known)? -warning: [._\w-]+\[[\da-fA-F.:]+\]: SASL LOGIN authentication failed: [._\w-]+ +warning: [._\w-]+\[[\da-fA-F.:]+\]: SASL LOGIN authentication failed: .+ warning: non-SMTP command from \w+\[[\da-fA-F.:]+\]: .* +warning: TLS library problem: error:[0-9A-F]+:SSL routines:\w+:(no shared cipher|decryption failed or bad record mac|unknown protocol|version too low):[\w./]+:\d+: +Failed to create /user.slice/user-\d+.slice/user@\d+.service/init.scope control group: Permission denied +Failed to allocate manager object: Permission denied + +_SYSTEMD_UNIT = dovecot.service +auth: Warning: auth client \d+ disconnected with \d+ pending requests: (EOF|Connection reset by peer) SYSLOG_IDENTIFIER = sshd error: Received disconnect from [\da-fA-F.:]+ port \d+:\d+: .* -error: maximum authentication attempts exceeded for invalid user \w+ from [\da-fA-F.:]+ port \d+ ssh2( \[preauth\])? -pam_unix\(sshd:auth\): check pass; user unknown -(pam_unix\(sshd:auth\): authentication failure|PAM \d+ more authentication failures); logname= uid=0 euid=0 tty=ssh ruser= rhost=[\da-fA-F.:]+( user=root)? +error: maximum authentication attempts exceeded for (invalid user \w*|\w+) from [\da-fA-F.:]+ port \d+ ssh2( \[preauth\])? _SYSTEMD_UNIT = bind9.service client [\da-fA-F.:]+#\d+ \([\w.-]+\): (zone transfer '[\w.-]+/AXFR/IN' denied|message parsing failed: (bad compression pointer|bad label type)) _SYSTEMD_UNIT = opendkim.service -[A-Z0-9]+: bad signature data +[A-Z0-9]+: (bad signature data|failed to parse [Aa]uthentication-[Rr]esults: header field)