Frédéric Brière
2008-Jan-24 07:30 UTC
[Logcheck-devel] [PATCH] =?utf-8?q?commit=20f08abd60b4aead4e6db2250d742c97abe9c57c4a
Adapted rules for SystemLog syntax
Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/proftpd | 26 +++++++++++++-------------
1 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/proftpd
b/rulefiles/linux/ignore.d.server/proftpd
index 4109e26..98d28bb 100644
--- a/rulefiles/linux/ignore.d.server/proftpd
+++ b/rulefiles/linux/ignore.d.server/proftpd
@@ -1,15 +1,15 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session
(opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: pam_unix\(proftpd:session\):
session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP session (opened|closed)\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON
(anonymous|ftp)): Login successful\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON
(anonymous|ftp)): Limit access denies login\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9]\.[0-9]: delaying for
[0-9]+ usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - ANON (anonymous|ftp): Login
successful.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9.]+: delaying for [0-9]+
usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP no transfer timeout, disconnected$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-_.[:alnum:]]+: no such user
found from [.:_[:alnum:]-]+ \[[.:[:xdigit:]]+\] to
[.:[:xdigit:]]+:[[:digit:]]{2,5}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - Maximum login attempts
\([[:digit:]]+\) exceeded$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - no such user
'[-_.[:alnum:]]+'$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - notice: user ftp: aborting transfer:
Data connection closed\.
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
(\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) )?- error setting IPV6_V6ONLY: Protocol
not available$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
(\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) )?- Preparing to chroot to directory
'[-/._[:alnum:]]+'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) FTP session (opened|closed)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) (USER [._[:alnum:]-]+|ANON
(anonymous|ftp)): Login successful\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) (USER [._[:alnum:]-]+|ANON
(anonymous|ftp)): Limit access denies login\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) mod_delay/[0-9]\.[0-9]: delaying
for [0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) ANON (anonymous|ftp): Login
successful.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) mod_delay/[0-9.]+: delaying for
[0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) FTP no transfer timeout,
disconnected$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) USER [-_.[:alnum:]]+: no such user
found from [.:_[:alnum:]-]+ \[[.:[:xdigit:]]+\] to
[.:[:xdigit:]]+:[[:digit:]]{2,5}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Maximum login attempts
\([[:digit:]]+\) exceeded$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) no such user
'[-_.[:alnum:]]+'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) notice: user ftp: aborting
transfer: Data connection closed\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
(\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) )?- error setting IPV6_V6ONLY: Protocol
not available$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
(\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) )?- Preparing to chroot to directory
'[-/._[:alnum:]]+'$
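Review bot: The last two rules (`error setting IPV6_V6ONLY` and `Preparing to chroot to directory`) gain only the `:?` after the PID and still require the literal `- ` separator, while the eleven rules above them accept `(:| -)`. If SystemLog-format lines for these two messages use the colon form, they will still be reported. A consistent tail, with the space moved inside the optional group, would be `( \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\))?(:| -) Preparing to chroot to directory '[-/._[:alnum:]]+'$`; this should be checked against a real log sample before merging. Separately, the `aborting transfer: Data connection closed\.` rule has no trailing `$` and the second `ANON (anonymous|ftp): Login successful.$` rule leaves the final dot unescaped, so both match more than the intended line. Because this file is in ignore.d.server, the widened `no such user found`, `no such user` and `Maximum login attempts ... exceeded` rules now suppress login-failure lines in both log formats, so confirm that repeated failed logins against proftpd are still alerted on somewhere else.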
--
1.5.3.8