
ExtraIgnore4LogCheck

Some extra rules for Logcheck to ignore. Each line is an extended regular expression; logcheck drops every log line that matches one of them (it runs egrep -v -f over the rule files), so a rule that is too broad silently hides events. Note that the last three patterns swallow every kernel notice about an interface entering or leaving promiscuous mode and every message from snort, which are exactly the lines most people run logcheck to see; they only make sense on a host where that noise is expected, for example one that runs snort itself.

ExtraIgnore4LogCheck.txt:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ F-Prot autoupdate\[[0-9]+\]: F-Prot did not need updating.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ F-Prot autoupdate\[[0-9]+\]: F-Prot successfully updated.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ClamAV-autoupdate\[[0-9]+\]: ClamAV did not need updating
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ClamAV-autoupdate\[[0-9]+\]: ClamAV updated
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: deferred transport\)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: deferred transport\)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: hold: header Received:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/pickup\[[0-9]+\]: [[:alnum:]]+: uid=[0-9]+ from=<[[:alnum:]]+> orig_id=[[:xdigit:]]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Requeue: [.[:xdigit:]]+ to [[:xdigit:]]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Using locktype = flock
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Enabling SpamAssassin auto-whitelist functionality...
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Content Checks: Found [0-9]+ problems
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Saved infected [\"-._[:alnum:]]+ to /var/spool/MailScanner/
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Content Checks: Detected and will disarm HTML message in [[:xdigit:]]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Content Checks: Detected and have disarmed HTML message in [[:xdigit:]]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Content Checks: Detected HTML-specific exploits in [[:xdigit:]]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Virus Scanning: ClamAV found [0-9]+ infections
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Cleaned: Delivered [0-9]+ cleaned messages
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Notices: Warned about [0-9]+ messages
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Other Checks: Found [0-9]+ problems
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Filename Checks: Windows/DOS Executable
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Filename Checks: No executables
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: SpamAssassin timed out and was killed, failure [1-9] of 20
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: New Batch: Found [0-9]+ messages waiting
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Found phishing fraud from
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Found ip-based phishing fraud from
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Read [0-9]+ hostnames from the phishing whitelist
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: [[:alnum:][:punct:]]+: HTML.Phishing.Auction-[0-9]+ FOUND
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: ClamAV scanner using unrar command /usr/bin/unrar
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9] lockers
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/ctl_cyrusdb\[[0-9]+\]: removing log file: [[:alnum:][:punct:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: device eth[0-9] (entered|left) promiscuous mode$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: eth[0-9]: Promiscuous mode enabled.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort:
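To see what these patterns actually do, here is an added shell example (not part of the original page) that replays a few constructed syslog lines through the same filter logcheck applies, grep -E -v -f over the rule file, using five of the rules above. The hostname mail01, the PIDs and the message contents are made up. It shows that the SpamAssassin rule only matches single-digit failure counts (failure 12 of 20 is still reported, which is probably what you want), and that the promiscuous-mode and snort rules remove those lines entirely.

```shell
#!/bin/sh
# Added example: emulate logcheck's ignore step on constructed log lines.
# logcheck reports every line that does NOT match any ignore rule, i.e.
# grep -E -v -f <rules>. Everything below (host mail01, PIDs, messages)
# is constructed sample data, not a real log.

RULES=$(mktemp)
LOGS=$(mktemp)
trap 'rm -f "$RULES" "$LOGS"' EXIT

# Five of the rules from the list above, copied verbatim.
cat > "$RULES" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ClamAV-autoupdate\[[0-9]+\]: ClamAV did not need updating
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: New Batch: Found [0-9]+ messages waiting
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: SpamAssassin timed out and was killed, failure [1-9] of 20
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: device eth[0-9] (entered|left) promiscuous mode$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort:
EOF

# Constructed syslog lines (classic "Mon DD HH:MM:SS host prog[pid]: msg" format).
# The snort SID is from the local-rule range and the IPs are documentation ranges.
cat > "$LOGS" <<'EOF'
Oct  9 14:02:11 mail01 ClamAV-autoupdate[4211]: ClamAV did not need updating
Oct  9 14:02:12 mail01 MailScanner[4220]: New Batch: Found 3 messages waiting
Oct  9 14:02:13 mail01 MailScanner[4220]: SpamAssassin timed out and was killed, failure 3 of 20
Oct  9 14:02:14 mail01 kernel: device eth0 entered promiscuous mode
Oct  9 14:02:15 mail01 snort: [1:1000001:1] sample alert {TCP} 203.0.113.7:40122 -> 198.51.100.5:25
Oct  9 14:02:16 mail01 sshd[4230]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct  9 14:02:17 mail01 MailScanner[4220]: SpamAssassin timed out and was killed, failure 12 of 20
EOF

# Lines logcheck would still report: those matching none of the rules.
logcheck_filter() {
    grep -E -v -f "$RULES" "$LOGS"
}

# How many lines the rules swallow.
ignored_count() {
    grep -E -c -f "$RULES" "$LOGS"
}

# How many lines survive to the report.
reported_count() {
    grep -E -c -v -f "$RULES" "$LOGS"
}

# Stand-alone run: print what would reach the logcheck mail.
echo "ignored: $(ignored_count), reported: $(reported_count)"
logcheck_filter
```

Only the sshd failure and the two-digit SpamAssassin failure count survive; the promiscuous-mode notice and the snort alert are gone, which is the trade-off the last three rules make.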


Published

Oct 9, 2005

Author

bengt

Category

HOWTOs
