From 6782746f3ce7bed8e03696b6fa454a271b7304d9 Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Tue, 24 Nov 2020 16:26:02 +0100
Subject: [PATCH] Add customized logsentry configuration
---
 roles/logsentry/files/logsentry.ignore | 81 +++++++++++++++++++
 .../files/logsentry.violations.ignore | 7 ++
 2 files changed, 88 insertions(+)
 create mode 100644 roles/logsentry/files/logsentry.ignore
 create mode 100644 roles/logsentry/files/logsentry.violations.ignore
diff --git a/roles/logsentry/files/logsentry.ignore b/roles/logsentry/files/logsentry.ignore
new file mode 100644
index 0000000..3ad94bc
--- /dev/null
+++ b/roles/logsentry/files/logsentry.ignore
@@ -0,0 +1,81 @@
+authsrv.*AUTHENTICATE
+cron.*CMD
+cron.*RELOAD
+cron.*STARTUP
+ftp-gw.*: exit host
+ftp-gw.*: permit host
+ftpd.*ANONYMOUS FTP LOGIN
+ftpd.*FTP LOGIN FROM
+ftpd.*retrieved
+ftpd.*stored
+http-gw.*: exit host
+http-gw.*: permit host
+mail.local
+named.*Lame delegation
+named.*Response from
+named.*answer queries
+named.*points to a CNAME
+named.*reloading
+named.*starting
+netacl.*: exit host
+netacl.*: permit host
+popper.*Unable
+popper: -ERR POP server at
+popper: -ERR Unknown command: "uidl".
+qmail.*new msg
+qmail.*info msg
+qmail.*starting delivery
+qmail.*delivery
+qmail.*end msg
+rlogin-gw.*: exit host
+rlogin-gw.*: permit host
+sendmail.*User Unknown
+sendmail.*alias database.*rebuilt
+sendmail.*aliases.*longest
+sendmail.*from=
+sendmail.*lost input channel
+sendmail.*message-id=
+sendmail.*putoutmsg
+sendmail.*return to sender
+sendmail.*stat=
+sendmail.*timeout waiting
+smap.*host=
+smapd.*daemon running
+smapd.*delivered
+telnetd.*ttloop: peer died
+tn-gw.*: exit host
+tn-gw.*: permit host
+x-gw.*: exit host
+x-gw.*: permit host
+xntpd.*Previous time adjustment didn't complete
+xntpd.*time reset
+ansible-command: Invoked
+ansible-file: Invoked
+ansible-setup: Invoked
+ansible-stat: Invoked
+ansible-synchronize: Invoked
+doas: _collectd ran command /bin/cat /var/log/daemon as root from /var/collectd
+doas: _nrpe ran command /usr/local/libexec/nagios
+doas:.*ran command /usr/share/scripts/evomaintenance.sh as root from
+newsyslog.*logfile turned over
+nrpe.*: Could not read request from client, bailing out...
+nrpe.*: Error: Could not complete SSL handshake.
+nrpe.*: INFO: SSL Socket Shutdown.
+ntpd.*: adjusting clock frequency by
+smtpd.*mta connected
+smtpd.*mta connecting address=smtp://
+smtpd.*mta delivery evpid=
+smtpd.*mta disconnected reason=quit messages=
+smtpd.*mta server-cert-check result=
+smtpd.*mta tls ciphers=
+smtpd.*smtp connected address=127.0.0.1 host=localhost
+smtpd.*smtp connected address=local
+smtpd.*smtp disconnected reason=quit
+smtpd.*smtp envelope evpid=
+smtpd.*smtp message msgid=
+sshd.*Connection closed by 127.0.0.1 port
+sshd.*Connection reset by 127.0.0.1 port
+sudo:.*: a password is required ; TTY=.* ; PWD=/home/.* ; USER=root ; COMMAND=
+sudo:.*: TTY=.* ; PWD=/home/.* ; USER=root ; COMMAND=
+syslogd.*restart
+unbound:.*info:
diff --git a/roles/logsentry/files/logsentry.violations.ignore b/roles/logsentry/files/logsentry.violations.ignore
new file mode 100644
index 0000000..7c56422
--- /dev/null
+++ b/roles/logsentry/files/logsentry.violations.ignore
@@ -0,0 +1,7 @@
+stat=Deferred
+unbound:.*info: server stats for
+smtpd.*smtp connected address=127.0.0.1 host=localhost
+smtpd.*smtp connected address=local
+smtpd.*smtp disconnected reason=quit
+nrpe.*: INFO: SSL Socket Shutdown.
+collectd.*: exec plugin: Failed to execute
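Review bot: The two `sudo:` entries near the end of logsentry.ignore suppress every command run as root through sudo from a working directory under /home, for any account. The first of them also suppresses attempts that failed because a password was required. Those lines are the record of privileged activity and of failed escalation attempts, which is the part of the log a watcher should keep reporting. The `doas:` entries a few lines above are tied to one account or one script path, and the sudo entries would be safer written the same way, for example `sudo:.*<account> : TTY=.* ; PWD=/home/.* ; USER=root ; COMMAND=<expected command path>` (placeholders, to be filled in from whatever actually produces the noise), or dropped.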
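Review bot: `stat=Deferred` in logsentry.violations.ignore is not tied to a program name, so any flagged line that merely contains that string is dropped from the violations report, whichever daemon wrote it. This assumes the file is applied as a list of grep patterns matched anywhere in the line. Log lines routinely carry remotely supplied text such as user names, host names and mail addresses, so a bare substring in an ignore list can be satisfied by an unrelated line. Prefixing the pattern with its emitter keeps the suppression to the intended message, e.g. `sendmail.*stat=Deferred` if sendmail is the source on these hosts. `mail.local` in logsentry.ignore has the same property and deserves the same prefix.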