Last active
August 29, 2015 13:55
-
-
Save trunneml/8758389 to your computer and use it in GitHub Desktop.
Denoise Logcheck
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: Internet (Software|Systems) Consortium DHCP Client [.[:alnum:]-]+$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: Copyright [-0-9]+ Internet Systems Consortium\.$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: All rights reserved\.$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: For info, please visit http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: There is already a pid file /var/run/dhclient\.[[:alnum:]]+\.pid with pid [[:digit:]]+$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: killed old client process, removed PID file$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?:$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: Listening on [^[:space:].]+$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: Sending on[[:space:]]+[^[:space:]]+$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: DHCPDISCOVER on [[:alnum:].]+ to [.0-9]{7,15} port 67 interval [0-9]+$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: DHCP(NAK|ACK|OFFER) (of [.0-9]{7,15} )?from [.0-9]{7,15}( \(xid=0x[0-9a-f]+\))?$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].]+ to [.0-9]{7,15} port 67( \(xid=0x[0-9a-f]+\))?$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: bound(:| to [.0-9]{7,15} --) renewal in [0-9]+ seconds\.$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: [[:lower:]]+[0-9]: unknown hardware address type [0-9]+$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: Trying recorded lease [.0-9]{7,15}$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: No working leases in persistent database( - sleeping)?\.$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: send_packet: Network is unreachable$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: send_packet: please consult README file regarding broadcast address\.$ | |
| # dhcp-client 2.0 | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: Copyright (199[5-9],? ){5}(The )?Internet Software Consortium\.$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: Please contribute if you find this software useful\.$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: For info, please visit http://www.isc.org/dhcp-contrib.html$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: No DHCPOFFERS received\.$ | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: Sleeping\.$ | |
| # 3.0 | |
| ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: parse_option_buffer: option [-[:alnum:]]+ \([[:digit:]]+\) larger than buffer\.$ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ fail2ban.actions: WARNING \[ssh-iptables\] (Unb|B)an [-_.[:alnum:]]+$ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for [-_.[:alnum:]]+$ | |
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [._[:alnum:]-]+: 11: Bye Bye$ | |
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM [0-9]+ more authentication failures?; logname= uid=.* euid=.* tty=ssh ruser= rhost=.* user=[-_.[:alnum:]]+$ | |
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM service\(sshd\) ignoring max retries; [[:digit:]]+ > [[:digit:]]+$ | |
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [-_.[:alnum:]]+$ | |
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_succeed_if\(sshd:auth\): error retrieving information about user [-_.[:alnum:]]+$ | |
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Read from socket failed: Connection reset by peer$ | |
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .+$ | |
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by .+$ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ unix_chkpwd\[[[:digit:]]+\]: password check failed for user \([-_.[:alnum:]]+\)$ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment