X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/d03c2eddf4a205a02db229ef10d2fbed666858b4..91f4ab8c6bc2b647a26eed10e42ea3a2a9377b95:/roles/journalwatch/templates/patterns?ds=sidebyside diff --git a/roles/journalwatch/templates/patterns b/roles/journalwatch/templates/patterns index 1e8adfe..7701447 100644 --- a/roles/journalwatch/templates/patterns +++ b/roles/journalwatch/templates/patterns @@ -56,23 +56,38 @@ Failed to set devices.allow on /system.slice/[a-z-]+.service: Operation not perm {% endif %} SYSLOG_IDENTIFIER = sudo -\s*[_\w.-]+ : TTY=(unknown|console|(pts/|ttyp?|vc/)\d+) ; PWD=[^;]+ ; USER=[._\w-]+ ; COMMAND=.* +\s*[._\w-]+ : TTY=(unknown|console|(pts/|ttyp?|vc/)\d+) ; PWD=[^;]+ ; USER=[._\w-]+ ; COMMAND=.* + +SYSLOG_IDENTIFIER = su +\(to [._\w-]+\) [._\w-]+ on none _SYSTEMD_UNIT = postfix@-.service warning: hostname [^\s]+ does not resolve to address [\da-fA-F.:]+(: Name or service not known)? -warning: [._\w-]+\[[\da-fA-F.:]+\]: SASL LOGIN authentication failed: .+ -warning: non-SMTP command from \w+\[[\da-fA-F.:]+\]: .* +warning: [._\w-]+\[[\da-fA-F.:]+\]: SASL (LOGIN|PLAIN) authentication failed:.* +warning: non-SMTP command from [._\w-]+\[[\da-fA-F.:]+\]: .* warning: TLS library problem: error:[0-9A-F]+:SSL routines:\w+:(no shared cipher|decryption failed or bad record mac|unknown protocol|version too low):[\w./]+:\d+: +{% if journalwatch is defined and journalwatch.postfix_slow | default(False) %} +warning: psc_cache_update: btree:/var/lib/postfix/[a-z_]+ (update|lookup) average delay is \d\d\d ms +{% endif %} +{% if journalwatch is defined and journalwatch.strato_broken | default(False) %} +warning: dnsblog reply timeout [0-9]+s for [\w._-]+ +warning: dnsblog_query: lookup error for DNS query .* +{% endif %} _SYSTEMD_UNIT = dovecot.service auth: Warning: auth client \d+ disconnected with \d+ pending requests: (EOF|Connection reset by peer) SYSLOG_IDENTIFIER = sshd error: Received disconnect from [\da-fA-F.:]+ port \d+:\d+: .* -error: maximum authentication attempts exceeded for (invalid user \w*|\w+) from [\da-fA-F.:]+ port \d+ ssh2( \[preauth\])? +error: maximum authentication attempts exceeded for (invalid user \w*|\w+) from [\da-fA-F.:]+ port \d+ ssh2 \[preauth\] +fatal: ssh_packet_get_string: string is too large \[preauth\] _SYSTEMD_UNIT = bind9.service -client [\da-fA-F.:]+#\d+ \([\w.-]+\): (zone transfer '[\w.-]+/AXFR/IN' denied|message parsing failed: (bad compression pointer|bad label type|unexpected end of input)) +client [\da-fA-F.:]+#\d+( \([\w.-]+\))?: (zone transfer '[\w.-]+/AXFR/IN' denied|message parsing failed: (bad compression pointer|bad label type|unexpected end of input)) _SYSTEMD_UNIT = opendkim.service [A-Z0-9]+: (bad signature data|failed to parse [Aa]uthentication-[Rr]esults: header field) +[A-Z0-9]+: key retrieval failed \(s=[\w._-]+, d=[\w._-]+\)(: '[\w._-]+' record not found)? + +_SYSTEMD_SLICE=system-openvpn.slice +(client/)?[0-9a-f.:]+ (peer info: .*|VERIFY OK: .*|Outgoing Data Channel: .*|Incoming Data Channel: .*|Control Channel: .*|TLS: .*|\[client\] .*|MULTI(_sva)?: .*|SIGUSR1.*|PUSH: .*|SENT CONTROL \[client\]: .*)