Merge tag 'upstream/7.4.1'
Upstream version 7.4.1
Willi Mann
9 years ago
6 | 6 | 1. Table of Contents |
7 | 7 | 2. Introduction |
8 | 8 | 3. Directory Structure |
9 | A. Configuration Structure | |
10 | B. Executable Structure | |
9 | A. Configuration Structure | |
10 | B. Executable Structure | |
11 | 11 | 4. Customizing the Configuration |
12 | 12 | 5. Customizing the Scripts |
13 | 13 | 6. Creating New Service Filters |
14 | A. Logfile Groups | |
15 | B. Service Filter Configuration | |
16 | C. Service Filer Executable | |
17 | D. Shared Script Commands | |
14 | A. Logfile Groups | |
15 | B. Service Filter Configuration | |
16 | C. Service Filer Executable | |
17 | D. Shared Script Commands | |
18 | 18 | 7. For More Information |
19 | 19 | |
20 | 20 | |
557 | 557 | - access to the svn repository, for the very latest code. |
558 | 558 | |
559 | 559 | If you do create new services or enhancements that you feel would be useful |
560 | to other people, please send them to the logwatch-devel mailing list | |
561 | at logwatch.org. | |
560 | to other people, please send them to the mailing list 'logwatch-devel at | |
561 | lists.sourceforge.net'. | |
562 | 562 | |
563 | 563 | If you send patches, please make sure that you have the latest version |
564 | 564 | of the file from svn, and send the patch file in unified format |
65 | 65 | You can also use it from the command line (as documented in the |
66 | 66 | man page). |
67 | 67 | |
68 | There is some documentation available in Italian here: | |
69 | http://openskills.info/view/boxdetail.php?IDbox=656 | |
70 | ||
71 | 68 | ------------------------------------------------------------------ |
72 | 69 | |
73 | 70 | If you want me to add support for a new set of log entries, please |
78 | 75 | ------------------------------------------------------------------ |
79 | 76 | |
80 | 77 | Mailing lists available! |
81 | ||
82 | Logwatch List: | |
83 | For general discussion and questions about Logwatch. | |
84 | To Subscribe: echo "subscribe" | mail logwatch-request@kaybee.org | |
85 | Send Mail To: logwatch@kaybee.org | |
86 | ||
87 | Logwatch Announcements List: | |
88 | For important announcements about Logwatch. | |
89 | To Subscribe: echo "subscribe" | mail logwatch-announce-request@kaybee.org | |
90 | 78 | |
91 | 79 | Logwatch Development List: |
92 | 80 | For discussion about Logwatch development. |
108 | 96 | http://www.kaybee.org/kirk/ |
109 | 97 | |
110 | 98 | Newest releases can be found at: |
111 | ftp://ftp.logwatch.org/pub/redhat/RPMS | |
112 | http://www.logwatch.org | |
99 | https://sourceforge.net/projects/logwatch/files/ | |
100 |
20 | 20 | ######################################################################### |
21 | 21 | |
22 | 22 | # What actual file? Defaults to LogPath if not absolute path.... |
23 | LogFile = maillog spamd/spamd.log | |
23 | LogFile = spamd/spamd.log | |
24 | 24 | |
25 | 25 | # If the archives are searched, here is one or more line |
26 | 26 | # (optionally containing wildcards) that tell where they are... |
27 | Archive = maillog[.-]* spamd/spamd.log[.-]* | |
28 | Archive = maillog[.-]*.gz spamd/spamd.log[.-]*.gz | |
27 | Archive = spamd/spamd.log[.-]* | |
28 | Archive = spamd/spamd.log[.-]*.gz | |
29 | 29 | |
30 | 30 | # Keep only the lines in the proper date range... |
31 | 31 | *ApplyStdDate |
0 | 0 | ########################################################################### |
1 | # $Id: fail2ban.conf 149 2013-06-18 22:18:12Z mtremaine $ | |
1 | # $Id: fail2ban.conf 205 2014-09-08 19:15:49Z stefjakobs $ | |
2 | 2 | ########################################################################### |
3 | 3 | # $Log: fail2ban.conf,v $ |
4 | 4 | # Revision 1.1 2006/05/30 19:04:26 bjorn |
21 | 21 | # Which logfile group... |
22 | 22 | LogFile = fail2ban |
23 | 23 | |
24 | ||
24 | # Only give lines pertaining to the fail2ban service... | |
25 | # Note: fail2ban logs using "service" names fail2ban, fail2ban.jail, | |
26 | # fail2ban.filter, and many more. We want to exclude fail2ban-client | |
27 | # so we accept either fail2ban or fail2ban\..+ | |
28 | *OnlyService = fail2ban(|\..+) | |
29 | *RemoveHeaders |
43 | 43 | # Ignore requests |
44 | 44 | # Note - will not do ANY processing, counts, etc... just skip it and go to |
45 | 45 | # the next entry in the log file. |
46 | # Note - The match will be case insensitive; e.g. /model/ == /MoDel/ | |
46 | 47 | # Examples: |
47 | 48 | # 1. Ignore all URLs starting with /model/ and ending with 1 to 10 digits |
48 | 49 | # $HTTP_IGNORE_URLS = ^/model/\d{1,10}$ |
4 | 4 | |
5 | 5 | Title = "SpamAssassin" |
6 | 6 | LogFile = spamassassin |
7 | LogFile = maillog | |
7 | 8 | # Pull in sendmail for matching msgid to sender for statistics |
8 | 9 | *OnlyService = (spamd|sendmail) |
9 | 10 | *RemoveHeaders |
25 | 25 | # File: install_logwatch.sh |
26 | 26 | # Author: Mike Tremaine [mgt /at/ stellarcore.net] |
27 | 27 | # Maintainer: Mike Tremaine [mgt /at/ stellarcore.net] |
28 | # $Id: install_logwatch.sh 147 2013-06-18 21:43:31Z mtremaine $ | |
28 | # $Id: install_logwatch.sh 241 2014-09-23 11:50:13Z stefjakobs $ | |
29 | 29 | # |
30 | 30 | # $Log: install_logwatch.sh,v $ |
31 | 31 | # Revision 1.20 2008/05/12 22:53:28 mike |
175 | 175 | |
176 | 176 | #OS Tests for known issues |
177 | 177 | if [ $OS = "Darwin" ]; then |
178 | munge_gzcat = 1 | |
178 | munge_gzcat=1 | |
179 | 179 | fi |
180 | 180 | |
181 | 181 | #Install is borked under IRIX |
279 | 279 | else |
280 | 280 | #MacOS X aka Darwin no -u [even thought the manpage says] |
281 | 281 | if [ $OS = "Darwin" ]; then |
282 | makewhatis -s "1 5 8" $MANDIR | |
282 | makewhatis -o "1 5 8" $MANDIR | |
283 | 283 | else |
284 | 284 | #Linux |
285 | 285 | makewhatis -u -s "1 5 8" $MANDIR |
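Review bot: The Darwin branch now runs `makewhatis -o "1 5 8" $MANDIR`, and on the BSD-derived makewhatis that macOS ships, `-o` names the output file rather than selecting manual sections, as far as I know. If that holds, the index is written to a file literally called `1 5 8` instead of the whatis database. Dropping the option and quoting the directory, `makewhatis "$MANDIR"`, would avoid both that and word-splitting on a path containing spaces. The enclosing if/else starts above this hunk and continues below it.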
519 | 519 | } else { |
520 | 520 | $LogFileData{$ThisLogFile}{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; |
521 | 521 | } |
522 | for my $i (0..$#CmdList) { | |
523 | $LogFileData{$ThisLogFile}{+sprintf("%03d-%s", $i, $CmdList[$i])} = $CmdArgList[$i]; | |
524 | } | |
522 | } | |
523 | for my $i (0..$#CmdList) { | |
524 | $LogFileData{$ThisLogFile}{+sprintf("%03d-%s", $i, $CmdList[$i])} = $CmdArgList[$i]; | |
525 | 525 | } |
526 | 526 | } |
527 | 527 | } |
48 | 48 | no warnings "uninitialized"; |
49 | 49 | use re 'taint'; |
50 | 50 | |
51 | our $Version = '1.51.02'; | |
51 | our $Version = '1.51.03'; | |
52 | 52 | our $progname_prefix = 'amavis'; |
53 | 53 | |
54 | 54 | # Specifies the default configuration file for use in standalone mode. |
1840 | 1840 | # |
1841 | 1841 | |
1842 | 1842 | sub create_ignore_list() { |
1843 | push @ignore_list_final, qr/^RUSAGE: /; | |
1844 | 1843 | push @ignore_list_final, qr/^lookup_ip_acl/; |
1845 | 1844 | push @ignore_list_final, qr/^lookup_acl/; |
1846 | 1845 | push @ignore_list_final, qr/^lookup_hash/; |
2014 | 2013 | push @ignore_list_final, qr/^Load low precedence policybank/; |
2015 | 2014 | push @ignore_list_final, qr/^warm restart on /; # XXX could be placed instartup info |
2016 | 2015 | push @ignore_list_final, qr/^Signalling a SIGHUP to a running daemon/; |
2017 | push @ignore_list_final, qr/^Deleting db files nanny.db in /; | |
2016 | push @ignore_list_final, qr/^Deleting db files /; | |
2018 | 2017 | push @ignore_list_final, qr/^address modified \(/; |
2018 | push @ignore_list_final, qr/^Request: AM\.PDP /; | |
2019 | push @ignore_list_final, qr/^DSPAM result: /; | |
2020 | push @ignore_list_final, qr/^bind to \//; | |
2021 | push @ignore_list_final, qr/^ZMQ enabled: /; | |
2022 | ||
2023 | push @ignore_list_final, qr/^Inserting header field: X-Amavis-Hold: /; | |
2024 | push @ignore_list_final, qr/^Decoding of .* failed, leaving it unpacked: /; | |
2019 | 2025 | |
2020 | 2026 | # various forms of "Using ..." |
2021 | 2027 | # more specific, interesting variants already captured: search "Using" |
2026 | 2032 | push @ignore_list_final, qr/creating socket by /; |
2027 | 2033 | |
2028 | 2034 | # unanchored |
2035 | push @ignore_list_final, qr/\bRUSAGE\b/; | |
2029 | 2036 | push @ignore_list_final, qr/: Sending .* to UNIX socket/; |
2030 | 2037 | } |
2031 | 2038 | |
2113 | 2120 | or ($p1 =~ /^SpamControl/) |
2114 | 2121 | or ($p1 =~ /^Perl/) |
2115 | 2122 | or ($p1 =~ /^ESMTP/) |
2116 | or ($p1 =~ /^(?:\(!+\))?(?:FWD|SEND) from /) # log level 4 | |
2117 | or ($p1 =~ /^(?:\(!+\))?(?:ESMTP|FWD|SEND) via /) # log level 4 | |
2123 | or ($p1 =~ /^(?:\(!+\))?(\S+ )?(?:FWD|SEND) from /) # log level 4 | |
2124 | or ($p1 =~ /^(?:\(!+\))?(\S+ )?(?:ESMTP|FWD|SEND) via /) # log level 4 | |
2118 | 2125 | or ($p1 =~ /^tempdir being removed/) |
2119 | 2126 | or ($p1 =~ /^do_notify_and_quar(?:antine)?: .*ccat/) |
2120 | 2127 | or ($p1 =~ /^cached [a-zA-Z0-9]+ /) |
2481 | 2488 | $Totals{'truncatedmsg'}++; |
2482 | 2489 | } |
2483 | 2490 | |
2484 | elsif ( $p1 =~ /: spam level exceeds quarantine cutoff level/ ) { | |
2491 | elsif ($p1 =~ /: spam level exceeds quarantine cutoff level/ or | |
2492 | $p1 =~ /: cutoff, blacklisted/) { | |
2485 | 2493 | #TD do_notify_and_quarantine: spam level exceeds quarantine cutoff level 20 |
2494 | #TD do_notify_and_quarantine: cutoff, blacklisted | |
2486 | 2495 | $Totals{'spamdiscarded'}++; |
2487 | 2496 | } |
2488 | 2497 | |
2756 | 2765 | #TD SA warn: FuzzyOcr: Skipping ocrad-decolorize, image too small |
2757 | 2766 | #$Counts{'sadiags'}{'fuzzyocr'}{'image too small'}++; |
2758 | 2767 | next; |
2768 | } | |
2769 | elsif ($msg =~ /dns: \[\.\.\.\]/) { | |
2770 | #TD SA info: dns: [...] ;; ADDITIONAL SECTION (1 record) | |
2771 | next; | |
2772 | } | |
2773 | # canonicalize some PIDs and IDs | |
2774 | elsif ($msg =~ s/^pyzor: \[\d+\] error/pyzor: [<PID>] error/) { | |
2775 | #TD SA info: pyzor: [11550] error: TERMINATED, signal 15 (000f) | |
2776 | } | |
2777 | elsif ($msg =~ /dns: no likely matching queries for id \d+/) { | |
2778 | $msg =~ s/\d+/<ID>/; | |
2779 | } | |
2780 | elsif ($msg =~ /dns: no callback for id \d+/) { | |
2781 | $msg =~ s/\d+.*$/<ID>.../; | |
2759 | 2782 | } |
2760 | 2783 | |
2761 | 2784 | # report other SA warn's |
3013 | 3036 | } |
3014 | 3037 | |
3015 | 3038 | # Timing report |
3016 | } elsif (my ($total,$report) = ( $p1 =~ /^(?:size: \d+, )?TIMING \[total (\d+) ms\] - (.+)$/)) { | |
3039 | } elsif (my ($total,$report) = ( $p1 =~ /^(?:size: \d+, )?TIMING \[total (\d+) ms(?:, [^]]+)?\] - (.+)$/)) { | |
3017 | 3040 | next if ($report =~ /^got data/); # skip amavis release timing |
3018 | ||
3019 | 3041 | #TD TIMING [total 5808 ms] - SMTP greeting: 5 (0%)0, SMTP LHLO: 1 (0%)0, SMTP pre-MAIL: 2 (0%)0, SMTP pre-DATA-flush: 5 (0%)0, SMTP DATA: 34 (1%)1, check_init: 1 (0%)1 |
3020 | 3042 | # older format, maia mailguard |
3021 | 3043 | #TD TIMING [total 3795 ms] - SMTP EHLO: 1 (0%), SMTP pre-MAIL: 0 (0%), maia_read_system_config: 1 (0%), maia_get_mysql_size_limit: 0 (0%), SA check: 3556 (94%), rundown: 0 (0%) |
3044 | # v2.8.1 | |
3045 | # .... size: 3815, TIMING [total 1901 ms, cpu 657 ms] - ... | |
3046 | ||
3022 | 3047 | |
3023 | 3048 | # Timing line is incomplete - let's report it |
3024 | 3049 | if ($p1 !~ /\d+ \(\d+%\)\d+$/ and $p1 !~ /\d+ \(\d+%\)$/) { |
3030 | 3055 | my @pairs = split(/[,:] /, $report); |
3031 | 3056 | while (my ($key,$value) = @pairs) { |
3032 | 3057 | #4 (0%)0 |
3033 | my ($ms) = ($value =~ /^(\d+) /); | |
3058 | my ($ms) = ($value =~ /^([\d.]+) /); | |
3034 | 3059 | # maintain a per-test list of timings |
3035 | 3060 | push @{$Timings{$key}}, $ms; |
3036 | 3061 | shift @pairs; shift @pairs; |
3038 | 3063 | push @TimingsTotals, $total; |
3039 | 3064 | } |
3040 | 3065 | |
3041 | } elsif (($total,$report) = ( $p1 =~ /^TIMING-SA total (\d+) ms - (.+)$/ )) { | |
3066 | } elsif ((($total,$report) = ( $p1 =~ /^TIMING-SA total (\d+) ms - (.+)$/ )) or | |
3067 | (($total,$report) = ( $p1 =~ /^TIMING-SA \[total (\d+) ms, cpu \d+ ms\] - (.+)$/ ))) { | |
3068 | #TIMING-SA [total 3219 ms, cpu 432 ms] - parse: 6 (0.2%), ext | |
3042 | 3069 | #TD TIMING-SA total 5478 ms - parse: 1.69 (0.0%), extract_message_metadata: 16 (0.3%), get_uri_detail_list: 2 (0.0%), tests_pri_-1000: 25 (0.4%), tests_pri_-950: 0.67 (0.0%), tests_pri_-900: 0.83 (0.0%), tests_pri_-400: 19 (0.3%), check_bayes: 17 (0.3%), tests_pri_0: 5323 (97.2%), check_spf: 12 (0.2%), poll_dns_idle: 0.81 (0.0%), check_dkim_signature: 1.50 (0.0%), check_razo r2: 5022 (91.7%), check_dcc: 192 (3.5%), check_pyzor: 0.02 (0.0%), tests_pri_500: 9 (0.2%), tests_pri_1000: 24 (0.4%), total_awl: 23 (0.4%), check_awl: 10 (0.2%), update_awl: 8 (0.1%), learn: 36 (0.7%), get_report: 1.77 (0.0%) |
3043 | 3070 | |
3044 | 3071 | # Timing line is incomplete - let's report it |
3101 | 3128 | } |
3102 | 3129 | |
3103 | 3130 | elsif (($suffix, $decoder) = ( $p1 =~ /^Found decoder for\s+(\.\S*)\s+at\s+(.*)$/)) { |
3131 | #TD Found decoder for .bz2 at /usr/bin/bzip2 -d | |
3132 | #TD Found decoder for .bz2 at /usr/bin/7za (backup, not used) | |
3104 | 3133 | next unless ($Opts{'startinfo'}); |
3105 | $StartInfo{'Decoders'}{'External'}{$suffix} = $decoder; | |
3134 | $StartInfo{'Decoders'}{'External'}{$suffix} = exists $StartInfo{'Decoders'}{'External'}{$suffix} ? | |
3135 | join '; ', $StartInfo{'Decoders'}{'External'}{$suffix}, $decoder : $decoder; | |
3106 | 3136 | } |
3107 | 3137 | |
3108 | 3138 | # AV Scanners |
3129 | 3159 | next unless ($Opts{'startinfo'}); |
3130 | 3160 | $StartInfo{'Code'}{"\u\L$loaded"}{$code} = ""; |
3131 | 3161 | |
3132 | } elsif (my ($module, $vers,) = ( $p1 =~ /^Module (\S+)\s+(.+)$/)) { | |
3162 | } elsif (my ($module, $vers) = ( $p1 =~ /^Module (\S+)\s+(.+)$/)) { | |
3133 | 3163 | #TD Module Amavis::Conf 2.086 |
3134 | 3164 | next unless ($Opts{'startinfo'}); |
3135 | 3165 | $StartInfo{'Code'}{'Loaded'}{$module} = $vers; |
3166 | ||
3167 | } elsif (($module, my $families) = ( $p1 =~ /^socket module (\S+),\s+(.+)$/)) { | |
3168 | #TD socket module IO::Socket::IP, protocol families available: INET, INET6 | |
3169 | next unless ($Opts{'startinfo'}); | |
3170 | $StartInfo{'Code'}{'Loaded'}{$module} = $families; | |
3136 | 3171 | |
3137 | 3172 | } elsif (($code, $location) = ( $p1 =~ /^Found \$(\S+)\s+at\s+(.+)$/)) { |
3138 | 3173 | #TD Found $file at /usr/bin/file |
3144 | 3179 | #TD No $dspam, not using it |
3145 | 3180 | next unless ($Opts{'startinfo'}); |
3146 | 3181 | $StartInfo{'Code'}{'Not loaded'}{$code} = $location; |
3182 | ||
3183 | } elsif (($code, $location) = ( $p1 =~ /^No ext program for\s+([^,]+), (tried: .+)/)) { | |
3184 | #TD No ext program for .kmz, tried: 7za, 7z | |
3185 | #TD No ext program for .F, tried: unfreeze, freeze -d, melt, fcat | |
3186 | next unless ($Opts{'startinfo'}); | |
3187 | $StartInfo{'Code'}{'Not found'}{$code} = $location; | |
3188 | ||
3147 | 3189 | |
3148 | 3190 | } elsif ( $p1 =~ /^starting\.\s+(.+) at \S+ (?:amavisd-new-|Maia Mailguard )([^,]+),/) { |
3149 | 3191 | #TD starting. /usr/local/sbin/amavisd at mailhost.example.com amavisd-new-2.5.0 (20070423), Unicode aware, LANG="C" |
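Review bot: The `qr/\bRUSAGE\b/` rule added under `# unanchored` in create_ignore_list ignores any line containing that word anywhere, whereas the rule it replaces, `qr/^RUSAGE: /`, matched only at the start of the line. No sample of the new log format accompanies the rule, so a reader cannot tell how much text may precede the word. If any amavis line can carry message-derived text (not visible here), a line that merely contains the word would be dropped from the report. I would put a `#TD` sample line beside the rule, as the other hunks in this file do, and anchor the pattern to the prefix that sample shows. The same applies to the widened `qr/^Deleting db files /`.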
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: audit 199 2014-07-14 15:48:15Z opoplawski $ | |
2 | # $Id: audit 224 2014-09-09 10:07:12Z stefjakobs $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log: audit,v $ |
5 | 5 | # Revision 1.15 2009/02/20 17:59:47 mike |
88 | 88 | my $NumberOfDStops = 0; |
89 | 89 | my $NumberOfDdStarts = 0; |
90 | 90 | my $NumberOfDdStops = 0; |
91 | my $NumberOfAllowedMessages = 0; | |
91 | 92 | my $NumberOfLostMessages = 0; |
92 | 93 | my %InvalidContext = (); |
93 | 94 | my %BugLog = (); |
140 | 141 | $NumberOfDStarts++; |
141 | 142 | } elsif ( $ThisLine =~ /The audit daemon is exiting./) { |
142 | 143 | $NumberOfDStops++; |
143 | } elsif ( $ThisLine =~ /audit_lost=[0-9]+ audit_backlog=[0-9]+ audit_rate_limit=[0-9]+ audit_backlog_limit=[0-9]+$/) { | |
144 | } elsif ( $ThisLine =~ /audit_lost=[0-9]+ (audit_backlog=[0-9]+ )?audit_rate_limit=[0-9]+ audit_backlog_limit=[0-9]+$/) { | |
144 | 145 | $NumberOfLostMessages++; |
145 | 146 | } elsif ( $ThisLine =~ /auditd startup succeeded/) { |
146 | 147 | $NumberOfDdStarts++; |
165 | 166 | # type=1400 audit(1314853822.672:33649): apparmor="DENIED" operation="mknod" parent=27250 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/share/wordpress/1114140474e5f13bea68a4.tmp" pid=27289 comm="apache2" requested_mask="c" denied_mask="c" fsuid=33 ouid=33 |
166 | 167 | # type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0 |
167 | 168 | $denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++; |
169 | } elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?parent=\d+ profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) { | |
170 | # type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12" | |
171 | # type=1400 audit(1369627891.522:447576): apparmor="ALLOWED" operation="capable" parent=1 profile="/usr/sbin/dovecot//null-1c//null-1d" pid=3733 comm="dovecot" capability=5 capname="kill" | |
172 | # type=1400 audit(1369823965.682:824587): apparmor="ALLOWED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 parent=1 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/var/lib/dovecot/.temp.3733.d786c1fcaaa73248" pid=3733 comm="dovecot" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 | |
173 | $NumberOfAllowedMessages++; | |
168 | 174 | } else { |
169 | 175 | $othercount++; |
170 | 176 | $ThisLine =~ s/^\s*//; |
277 | 283 | } |
278 | 284 | } |
279 | 285 | |
286 | if ($NumberOfAllowedMessages) { | |
287 | print "\n Number of allowed messages: $NumberOfAllowedMessages\n"; | |
288 | } | |
289 | ||
280 | 290 | if ($NumberOfLostMessages) { |
281 | 291 | print "\n Number of lost messages: $NumberOfLostMessages\n"; |
282 | 292 | } |
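Review bot: The new `apparmor="ALLOWED"` branch captures operation, profile, name and comm, but only increments `$NumberOfAllowedMessages`, so the report prints a bare count with no hint of which profile produced it. In complain mode these entries are the accesses the profile would have refused, so the detail matters as much as it does for the DENIED branch above, which keys `%denials` by operation, profile and command. I would record them the same way, for example `$allowed{"$5 $1 ($8)"}++`, with a matching declaration and print loop. If only the count is wanted, the unused groups should be made non-capturing. The elsif chain starts and ends outside this hunk.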
0 | 0 | |
1 | 1 | use strict; |
2 | 2 | ########################################################################## |
3 | # $Id: dhcpd 150 2013-06-18 22:19:38Z mtremaine $ | |
3 | # $Id: dhcpd 236 2014-09-15 22:10:32Z bjorn1 $ | |
4 | 4 | ########################################################################## |
5 | 5 | |
6 | 6 | ######################################################## |
77 | 77 | } elsif ( |
78 | 78 | ($line =~ /^you want, please write a subnet declaration/) or |
79 | 79 | ($line =~ /^in your dhcpd.conf file for the network segment/) or |
80 | ($line =~ /^to which interface [a-z\d]+ is attached./) or | |
80 | ($line =~ /^to which interface [a-z\d\.]+ is attached./) or | |
81 | 81 | |
82 | 82 | ($line =~ /^If you did not get this software from ftp.isc.org, please/) or |
83 | 83 | ($line =~ /^get the latest from ftp.isc.org and install that before/) or |
110 | 110 | $data{'Generic error'}{$line}++; |
111 | 111 | } elsif ($line =~ /^There's already a DHCP server running./) { |
112 | 112 | $data{'Generic error'}{$line}++; |
113 | } elsif ($line =~ s/^\*\* Ignoring requests on ([a-z\d]+). If this is not what\s*$/Ignoring interface $1/) { | |
114 | $data{'Config error'}{$line}++; | |
115 | } elsif ($line =~ s/^No subnet6? declaration for ([a-z\d]+) ([\(\)\d\.ia-fA-F:]+).\s*$/No subnet declaration for $1 $2/) { | |
113 | } elsif ($line =~ s/^\*\* Ignoring requests on ([a-z\d\.]+). If this is not what\s*$/Ignoring interface $1/) { | |
114 | $data{'Config error'}{$line}++; | |
115 | } elsif ($line =~ s/^No subnet6? declaration for ([a-z\d\.]+) ([\(\)\d\.ia-fA-F:]+).\s*$/No subnet declaration for $1 $2/) { | |
116 | 116 | $data{'Config error'}{$line}++; |
117 | 117 | } elsif ($line =~ /^If this DHCP server is authoritative for that subnet,$/) { |
118 | 118 | $data{'Config error'}{'missing authoritative directive'}++; |
160 | 160 | if ($Detail >= 5) { |
161 | 161 | $data{'Addresses Released'}{$line}++; |
162 | 162 | } |
163 | } elsif ($line =~ s/^added reverse map from ([\d]+).([\d]+).([\d]+).([\d]+).in-addr.arpa. to ([a-zA-Z\d._-]+)\s*$/Add reverse $4.$3.$2.$1 -> $5/) { | |
164 | if ($Detail >= 7) { | |
165 | $data{'DNS Mappings'}{$line}++; | |
166 | } | |
167 | } elsif ($line =~ s/^removed reverse map on ([\d]+).([\d]+).([\d]+).([\d]+).in-addr.arpa.\s*$/Remove reverse $4.$3.$2.$1/) { | |
163 | } elsif ($line =~ s/^[Aa]dded reverse map from ([\d]+)\.([\d]+)\.([\d]+)\.([\d]+)\.in-addr\.arpa\.? to ([a-zA-Z\d._-]+)\s*$/Add reverse $4.$3.$2.$1 -> $5/) { | |
164 | if ($Detail >= 7) { | |
165 | $data{'DNS Mappings'}{$line}++; | |
166 | } | |
167 | } elsif ($line =~ s/^[Rr]emoved reverse map on ([\d]+)\.([\d]+)\.([\d]+)\.([\d]+)\.in-addr\.arpa\.?\s*$/Remove reverse $4.$3.$2.$1/) { | |
168 | 168 | if ($Detail >= 7) { |
169 | 169 | $data{'DNS Mappings'}{$line}++; |
170 | 170 | } |
171 | 171 | } elsif ($line =~ s/^Added new forward map from ([a-zA-Z\d\-_.]+) to ([\d.]+)\s*$/Add forward $1 -> $2/) { |
172 | 172 | if ($Detail >= 7) { |
173 | 173 | $data{'DNS Mappings'}{$line}++; |
174 | } | |
175 | } elsif ($line =~ s/^Removed forward map from ([a-zA-Z\d\-_.]+) to ([\d.]+)\s*$/Remove forward $1 -> $2/) { | |
176 | if ($Detail >= 7) { | |
177 | $data{'DNS Mappings'}{$line}++; | |
178 | } | |
179 | } elsif ($line =~ /^No hostname for [\d.]+\s*$/) { | |
180 | if ($Detail >= 7) { | |
181 | $data{'Warnings'}{$line}++; | |
174 | 182 | } |
175 | 183 | } elsif ($line =~ s/^if ([a-zA-Z\d\-_.]+) IN A rrset doesn't exist delete ([a-zA-Z\d\-_.]+) IN TXT "([a-f\d]+)": success.\s*$/Remove forward TXT from $1 (TXT "$3")/) { |
176 | 184 | if ($Detail >= 7) { |
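Review bot: The interface class `[a-z\d\.]+` in the three changed patterns ("to which interface", "Ignoring requests on", "No subnet6? declaration for") now accepts VLAN names such as `eth0.10`. It still rejects names containing `-`, `_`, `:` or upper-case letters, which then fall through to the unmatched branch. A class like `[\w.:-]+` would cover those. The literal full stop that follows each name is also unescaped (`is attached.`), so it matches any character; `\.` would be stricter. The elsif chain continues outside the hunks shown.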
0 | 0 | ######################################################## |
1 | # $Id: dovecot 197 2014-05-30 17:31:32Z opoplawski $ | |
1 | # $Id: dovecot 225 2014-09-09 10:12:29Z stefjakobs $ | |
2 | 2 | ######################################################## |
3 | 3 | # $Log: dovecot,v $ |
4 | 4 | # Revision 1.18 2010/09/18 17:41:00 stefan |
255 | 255 | $Disconnected{"no reason"}++; |
256 | 256 | } elsif (($Reason) = ($ThisLine =~ /Disconnected: (.*) \[/) ) { |
257 | 257 | $Disconnected{$Reason}++; |
258 | } elsif (($Reason) = ($ThisLine =~ /Disconnected: (.*) (bytes|top)=.*/) ) { | |
258 | } elsif (($Reason) = ($ThisLine =~ /Disconnected: (.*) (bytes|top|in)=.*/) ) { | |
259 | 259 | $Disconnected{$Reason}++; |
260 | 260 | } elsif (($Reason) = ($ThisLine =~ /Disconnected \((.*)\):/) ) { |
261 | 261 | $Disconnected{$Reason}++; |
262 | 262 | } elsif ($ThisLine =~ /Disconnected (bytes|top)=.*/) { |
263 | 263 | $Disconnected{"No reason"}++; |
264 | } elsif ($ThisLine =~ /Server shutting down./) { | |
265 | $ConnectionCl{"Server shutting down"}++; | |
264 | 266 | } elsif (($Reason, $Host) = ($ThisLine =~ /TLS initialization failed/) ) { |
265 | 267 | $TLSInitFail++; |
266 | 268 | } elsif (($Host) = ($ThisLine =~ /Aborted login:.* rip=(.*),/) ) { |
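Review bot: `in` was added to `/Disconnected: (.*) (bytes|top|in)=.*/`, but the sibling branch two lines further down still reads `/Disconnected (bytes|top)=.*/`. If dovecot can emit `Disconnected in=...` without a reason (presumably the same format change), that line will miss the "No reason" counter. The branch should be updated to match: `} elsif ($ThisLine =~ /Disconnected (bytes|top|in)=.*/) {`. In the new `/Server shutting down./` pattern the trailing dot is unescaped; `\.` would match only the full stop. The chain starts and ends outside the hunk.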
0 | 0 | ########################################################################## |
1 | # $Id: exim 158 2013-08-19 09:17:57Z stefjakobs $ | |
2 | ########################################################################## | |
3 | # $Log: exim,v $ | |
4 | # Revision 1.25 2010/09/18 17:31:00 stefan | |
5 | # removing unused variable $tz | |
6 | # | |
7 | # Revision 1.24 2009/06/02 14:50:37 mike | |
8 | # Patch from Fedora (Ivan Varekova) -mgt | |
9 | # | |
10 | # Revision 1.23 2008/06/30 23:07:51 kirk | |
11 | # fixed copyright holders for files where I know who they should be | |
12 | # | |
13 | # Revision 1.22 2008/03/24 23:31:26 kirk | |
14 | # added copyright/license notice to each script | |
15 | # | |
16 | # Revision 1.21 2008/01/16 20:29:18 bjorn | |
17 | # Optimizing by using push, as per Steve Holden. | |
18 | # | |
19 | # Revision 1.20 2007/02/11 01:50:47 bjorn | |
20 | # New handling of problem addresses, DNSBL warnings, and other transaction | |
21 | # and connection errors, by Nigel Metheringham | |
22 | # | |
23 | # Revision 1.19 2006/08/23 21:19:02 bjorn | |
24 | # Process Greylisting, by Jan Pazdziora. | |
25 | # | |
26 | # Revision 1.18 2006/03/02 16:22:23 bjorn | |
27 | # Additional error detection, by Gary Allen Vollink. | |
28 | # | |
29 | # Revision 1.17 2005/11/02 17:03:12 bjorn | |
30 | # Additional patches, from Ruth Ivimey-Cook. | |
31 | # | |
32 | # Revision 1.16 2005/11/02 16:05:18 bjorn | |
33 | # Significant expansion of detecting and reporting error messages, by | |
34 | # Ruth Ivimey-Cook; deleted redundant errors, by Gary Allen Vollink | |
35 | # | |
36 | # Revision 1.15 2005/09/27 19:52:42 bjorn | |
37 | # Handle reverse lookup failures, by Stig Brautaset | |
38 | # | |
39 | # Revision 1.14 2005/05/25 23:09:28 bjorn | |
40 | # Added filters for malware/viruses, and protocol errors, by Gary Allen Vollink. | |
41 | # | |
1 | # $Id: exim 217 2014-09-09 09:21:20Z stefjakobs $ | |
42 | 2 | ########################################################################## |
43 | 3 | |
44 | 4 | ######################################################## |
161 | 121 | $DontAccept{$ThisLine}++; |
162 | 122 | } |
163 | 123 | elsif ( $ThisLine =~ /do not accept mail / ) { |
124 | $DontAccept{$ThisLine}++; | |
125 | } | |
126 | elsif ( $ThisLine =~ /rejected connection in .connect. ACL/ ) { | |
127 | # Likely policy rejections | |
164 | 128 | $DontAccept{$ThisLine}++; |
165 | 129 | } |
166 | 130 | elsif ( $ThisLine =~ /believed to be spam/ ) { |
420 | 384 | if ($Detail >= $LvlDontAccept) { |
421 | 385 | # Print Administrative Prohibitions |
422 | 386 | if (%DontAccept) { |
423 | my (%spam); | |
387 | my (%spam, %detail); | |
424 | 388 | my (@errList); |
425 | 389 | |
426 | 390 | # Probable SPAM hosts... |
439 | 403 | $cc = "Blocked Email Domain"; |
440 | 404 | $bb = "$1\@$2"; |
441 | 405 | } |
406 | elsif ( $ThisOne =~ m/rejected connection in .connect. ACL/ ) { | |
407 | $cc = "Blocked Host"; | |
408 | ( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); | |
409 | } | |
442 | 410 | elsif ( $ThisOne =~ m/mail not permitted from sender ([\w\*-_.]+)@([\w.-_]+)/ ) { |
443 | 411 | $cc = "Blocked Email Address"; |
444 | 412 | $bb = "$1\@$2"; |
473 | 441 | } |
474 | 442 | elsif ( $ThisOne =~ m/remote host address is the local host/ ) { |
475 | 443 | $cc = "Invalid local domain"; |
476 | ( $bb ) = ($ThisOne =~ m/\@\[^>]+/); | |
444 | ( $bb ) = ($ThisOne =~ m/\@[^>]+/); | |
477 | 445 | } |
478 | 446 | else { |
479 | 447 | # If we picked up a malfunction but didn't collect it here, |
482 | 450 | #next; |
483 | 451 | print "Didn't Summarize: $ThisOne\n"; |
484 | 452 | } |
485 | if (defined( $spam{$cc} )) { | |
486 | $mid = $spam{$cc}; | |
487 | } | |
488 | $spam{$cc} = "$mid$aa : $bb,"; | |
453 | if ($cc =~ m/Blocked/ ) { | |
454 | # hash of blocked things | |
455 | my $h = {}; | |
456 | if (!defined($detail{$cc})) { | |
457 | # debug print "add type $cc\n" ; | |
458 | $detail{$cc} = $h; | |
459 | } | |
460 | $h = $detail{$cc}; | |
461 | ||
462 | if (defined($h{$bb})) { | |
463 | # debug print "add $bb to ".$h{$bb}."\n" ; | |
464 | $h{$bb} = $h{$bb} + 1; | |
465 | } | |
466 | else { | |
467 | $h{$bb} = 1; | |
468 | # debug print "start $bb at ".$h{$bb}."\n" ; | |
469 | } | |
470 | # marker | |
471 | $spam{$cc} = ""; | |
472 | } | |
473 | else { | |
474 | ||
475 | if (defined( $spam{$cc} )) { | |
476 | $mid = $spam{$cc}; | |
477 | } | |
478 | $spam{$cc} = "$mid$aa : $bb,"; | |
479 | ||
480 | } | |
489 | 481 | } |
490 | 482 | foreach $ThisOne (sort(keys %spam)) { |
491 | 483 | if ($Detail >= $LvlDontAcceptLines) { |
492 | print " $ThisOne\n"; | |
493 | foreach $aa ( sort( split /,/, $spam{$ThisOne} )) { | |
494 | print " $aa\n"; | |
484 | if ($spam{$cc} eq "") { | |
485 | print " $ThisOne\n"; | |
486 | my $h = $detail{$ThisOne}; | |
487 | foreach $aa (sort(keys %h) ) { | |
488 | print " $aa : ".$h{$aa}." times\n"; | |
489 | } | |
490 | } | |
491 | else { | |
492 | print " $ThisOne\n"; | |
493 | foreach $aa ( sort( split /,/, $spam{$ThisOne} )) { | |
494 | print " $aa\n"; | |
495 | } | |
495 | 496 | } |
496 | 497 | } |
497 | 498 | else { |
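Review bot: In the new "Blocked" accounting, `$h{$bb}` and `keys %h` address a hash named `%h`, not the hash reference `$h` taken from `%detail`. Every blocked category therefore counts into one shared table and `%detail` stays empty; if the script runs under `use strict` (not visible here), the undeclared `%h` would instead stop it compiling. The print loop also tests `$spam{$cc}`, a value left over from the last parsed entry, where `$spam{$ThisOne}` is meant. Separately, `m/\@[^>]+/` in the "Invalid local domain" branch has no capture group, so `$bb` receives the match result `1` rather than the address; `m/(\@[^>]+)/` would capture it. The surrounding foreach loops start outside the hunks shown.

```perl
if ($cc =~ m/Blocked/ ) {
   # count through the hash reference stored in %detail, not a separate %h
   $detail{$cc}{$bb}++;
   # marker
   $spam{$cc} = "";
}
# … unchanged: else branch and end of the collection loop …
if ($spam{$ThisOne} eq "") {
   # … unchanged: heading print …
   my $h = $detail{$ThisOne};
   foreach $aa (sort(keys %$h) ) {
      print " $aa : ".$h->{$aa}." times\n";
   }
}
```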
0 | 0 | ########################################################################## |
1 | # $Id: fail2ban 150 2013-06-18 22:19:38Z mtremaine $ | |
1 | # $Id: fail2ban 226 2014-09-09 11:07:27Z stefjakobs $ | |
2 | 2 | ########################################################################## |
3 | 3 | # $Log: fail2ban,v $ |
4 | 4 | # Revision 1.5 2008/08/18 16:07:46 mike |
66 | 66 | ($ThisLine =~ /..,... \S*\s*: DEBUG /) or # syntax of 0.7.? fail2ban |
67 | 67 | ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or |
68 | 68 | ($ThisLine =~ /INFO\s+Log rotation detected for/) or |
69 | ($ThisLine =~ /INFO\s+Jail.+(?:stopped|started|uses poller)/) or | |
69 | ($ThisLine =~ /INFO\s+Jail.+(?:stopped|started|uses poller|uses pyinotify)/) or | |
70 | 70 | ($ThisLine =~ /INFO\s+Changed logging target to/) or |
71 | 71 | ($ThisLine =~ /INFO\s+Creating new jail/) or |
72 | 72 | ($ThisLine =~ /..,... \S+\s*: INFO\s+(Set |Socket|Exiting|Gamin|Created|Added|Using)/) or # syntax of 0.7.? fail2ban |
73 | 73 | ($ThisLine =~ /..,... WARNING: Verbose level is /) or |
74 | ($ThisLine =~ /..,... WARNING: Restoring firewall rules/) | |
74 | ($ThisLine =~ /..,... WARNING: Restoring firewall rules/) or | |
75 | ($ThisLine =~ /WARNING Determined IP using DNS Lookup: [^ ]+ = \['[^']+'\]/) or | |
76 | ($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or | |
77 | ($ThisLine =~ /INFO\s+Initiated 'pyinotify' backend/) or | |
78 | ($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) | |
75 | 79 | ) |
76 | 80 | { |
77 | 81 | if ( $Debug >= 6 ) { |
78 | 82 | print STDERR "DEBUG($DebugCounter): line ignored\n"; |
79 | 83 | } |
80 | } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) { | |
84 | } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) { | |
81 | 85 | if ( $Debug >= 6 ) { |
82 | 86 | print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n"; |
83 | 87 | } |
90 | 94 | push @{$ServicesBans{$Service}{$Host}{'Failures'}}, $NumFailures; |
91 | 95 | } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ ERROR:\s(.*):\s(\S+)\salready in ban list/)) { |
92 | 96 | $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++; |
93 | } elsif ( my ($Service,$Host) = ($ThisLine =~ m/WARNING\s*\[(.*)\]\s*(\S+)\s*already banned/)) { | |
97 | } elsif ( my ($Service,$Host) = ($ThisLine =~ m/(?:INFO|WARNING)\s*\[(.*)\]\s*(\S+)\s*already banned/)) { | |
94 | 98 | $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++; |
95 | 99 | } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ WARNING:\s(.*):\sReBan (\S+)/)) { |
96 | 100 | $ServicesBans{$Service}{$Host}{'ReBan'}++; |
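Review bot: `WARNING Determined IP using DNS Lookup: ...` is now in the ignore list, so these lines are discarded at every Detail level and surface only as "line ignored" when `$Debug >= 6`. That warning records that a name taken from a log line was resolved to decide which address to act on. Because such names are often supplied by the remote side, an operator may want to see how often that happens and for which names. I would count it in its own hash and print it at a higher Detail level rather than ignore it. The other added ignore patterns, such as `/INFO\s+(Added logfile = .*|Set maxRetry = \d+|...)/`, are unanchored like their neighbours, which is consistent with the file. The condition list starts outside the hunk.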
0 | 0 | ########################################################################## |
1 | # $Id: fetchmail 150 2013-06-18 22:19:38Z mtremaine $ | |
1 | # $Id: fetchmail 230 2014-09-09 12:30:37Z stefjakobs $ | |
2 | 2 | ########################################################################## |
3 | 3 | |
4 | 4 | ######################################################## |
50 | 50 | $conn_fail{"${1} -- ${2}"}++; |
51 | 51 | } elsif($ThisLine =~ s/^(\d+) messages? for (\S+) at (\S+).*.//) { |
52 | 52 | $messages_for{"${2} at ${3}"} += $1; |
53 | } elsif($ThisLine =~ s/^(\d+) messages? \((\d+) seen\) for (\S+) at (\S+).*.//) { | |
54 | $messages_for{"${3} at ${4}"} += ($1-$2); | |
53 | 55 | } else { |
54 | 56 | chomp($ThisLine); |
55 | 57 | # Report any unmatched entries... |
0 | 0 | ########################################################################## |
1 | # $Id: http 179 2014-01-09 16:29:00Z opoplawski $ | |
1 | # $Id: http 233 2014-09-09 15:52:31Z stefjakobs $ | |
2 | 2 | ########################################################################## |
3 | 3 | |
4 | 4 | ##################################################### |
112 | 112 | |
113 | 113 | ###################### |
114 | 114 | # file type comparisons are case-insensitive |
115 | my $image_types = '(\.bmp|\.cdr|\.emz|\.gif|\.ico|\.jpeg|\.jpg|\.png|\.svg|\.sxd|\.tif|\.tiff|\.wbmp|\.wmf|\.wmz|\.xdm)'; | |
115 | my $image_types = '(\.bmp|\.cdr|\.emz|\.gif|\.ico|\.jpe?g|\.png|\.svg|\.sxd|\.tiff?|\.wbmp|\.webp|\.wmf|\.wmz|\.xdm)'; | |
116 | 116 | my $content_types = '('; |
117 | 117 | $content_types = $content_types.'\/server-status|\/server-info'; |
118 | 118 | $content_types = $content_types.'|\.htm|\.html|\.jhtml|\.phtml|\.shtml|\/\.?'; |
126 | 126 | $content_types = $content_types.'|\.fla|\.swf|\.rdf'; |
127 | 127 | $content_types = $content_types.'|\.class|\.jsp|\.jar|\.java'; |
128 | 128 | $content_types = $content_types.'|COPYRIGHT|README|FAQ|INSTALL|\.txt)'; |
129 | my $docs_types = '(\.asc|\.bib|\.djvu|\.doc|\.dot|\.dtd|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.ppt|\.ps|\.rtf|\.sxi|\.tex|\.text|\.tm|\.xls|\.xml)'; | |
130 | my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip|\.hdr)'; | |
131 | my $sound_types = '(\.au|\.aud|\.mid|\.mp3|\.ogg|\.pls|\.ram|\.raw|\.rm|\.wav|\.wma|\.wmv|\.xsm)'; | |
132 | my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.mid|\.mpg|\.mpeg|\.mov|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub)'; | |
129 | my $docs_types = '(\.asc|\.bib|\.djvu|\.docx?|\.dot|\.dtd|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.pptx?|\.ps|\.rtf|\.sxi|\.tex|\.text|\.tm|\.xlsx?|\.xml)'; | |
130 | my $archive_types = '(\.7z|\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip|\.hdr)'; | |
131 | my $sound_types = '(\.aac|\.au|\.aud|\.m4a|\.mid|\.mp3|\.oga|\.pls|\.ram|\.raw|\.rm|\.wav|\.wma|\.xsm)'; | |
132 | my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.flv|\.m2?ts|\.mkv|\.mp4|\.mpe?g|\.mov|\.ogg|\.ogv|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub|\.webm|\.wmv)'; | |
133 | 133 | my $winexec_types = '(\.bat|\.com|\.exe|\.dll)'; |
134 | 134 | my $wpad_files = '(wpad\.dat|wspad\.dat|proxy\.pac)'; |
135 | 135 | my $program_src = '('; |
136 | $program_src = $program_src.'\.bas|\.c|\.cpp|\.diff|\.f|\.h|\.init|\.m|\.mo|\.pas|\.patch|\.po|\.pot|\.py|\.sh|\.spec'; | |
136 | $program_src = $program_src.'\.bas|\.cs?|\.cpp|\.diff|\.f|\.h|\.init|\.m|\.mo|\.pas|\.patch|\.po|\.pot|\.py|\.sh|\.spec'; | |
137 | 137 | $program_src = $program_src.'|Makefile|Makefile_c|Makefile_f77)'; |
138 | 138 | my $images_types = '(\.bin|\.cue|\.img|\.iso|\.run)'; |
139 | 139 | my $logs_types = '(\.log|_log|-log|\.logs|\.out|\.wyniki)'; |
140 | my $fonts_types = '(\.aft|\.ttf)'; | |
140 | my $fonts_types = '(\.aft|\.otf|\.ttf|\.woff)'; | |
141 | 141 | my $config_types = '(\.cfg|\.conf|\.config|\.ini|\.properties)'; |
142 | 142 | my $xpcomext_types = '(\.xpt)'; |
143 | 143 | my $mozext_types = '(\.xul)'; |
405 | 405 | for (my $i = 0; $i < @exploits; $i++) { |
406 | 406 | # print "$i $exploits[$i] $field{lc_url} \n"; |
407 | 407 | if ( ($field{lc_url} =~ /$exploits[$i]/i) && |
408 | !((defined $ignoreURLs) && ($field{url} =~ /$ignoreURLs/)) && | |
408 | !((defined $ignoreURLs) && ($field{url} =~ /$ignoreURLs/i)) && | |
409 | 409 | !((defined $ignoreIPs) && ($field{client_ip} =~ /$ignoreIPs/)) ) { |
410 | 410 | $hacks{$field{client_ip}}{$exploits[$i]}++; |
411 | 411 | $total_hack_count += 1; |
699 | 699 | sub shouldIgnore { |
700 | 700 | my($context)=@_; |
701 | 701 | |
702 | if( ((defined $ignoreURLs) && ($field{url} =~ /$ignoreURLs/)) || | |
702 | if( ((defined $ignoreURLs) && ($field{url} =~ /$ignoreURLs/i)) || | |
703 | 703 | ((defined $ignoreIPs) && ($field{client_ip} =~ /$ignoreIPs/)) ) { |
704 | 704 | return 1; |
705 | 705 | } |
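Review bot: The `/i` added to the `$ignoreURLs` test at new lines 408 and 702 widens what is left out of the exploit tally, and the pattern is applied unanchored. Anything it matches disappears from the hack-attempt report, so the behaviour deserves a comment next to the test, for example `# $ignoreURLs is matched case-insensitively and unanchored; keep the configured pattern narrow`. The `$ignoreIPs` test on the following line is also unanchored, so a short address pattern can match inside a longer address; presumably the same comment applies there. The body of shouldIgnore continues outside the shown lines.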
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: kernel 183 2014-01-26 13:32:28Z stefjakobs $ | |
2 | # $Id: kernel 229 2014-09-09 12:12:49Z stefjakobs $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log: kernel,v $ |
5 | 5 | # Revision 1.35 2008/03/24 23:31:26 kirk |
103 | 103 | # Standard boot messages |
104 | 104 | next if $ThisLine =~ /Giving out device to /; |
105 | 105 | $EDACs{$1}++; |
106 | } elsif ($ThisLine =~ /block (drbd\d+): Online verify found (\d+) \d+k block out of sync/) { | |
107 | $DRBDErrors{$1} = $2; | |
106 | } elsif ($ThisLine =~ /(block drbd\d+): Online verify found (\d+) \d+k block out of sync/) { | |
107 | $DRBDErrors{$1}{"$2 block(s) out of sync"} = 1; | |
108 | } elsif ($ThisLine =~ /(block drbd\d+): \[.*\] sock_sendmsg time expired/) { | |
109 | $DRBDErrors{$1}{"sock_sendmsg time expired"}++; | |
110 | } elsif ($ThisLine =~ /(block drbd\d+): Began resync as (SyncSource|SyncTarget)/) { | |
111 | $DRBDErrors{$1}{"Began resync as $2"}++; | |
108 | 112 | } elsif ( ( my $errormsg ) = ( $ThisLine =~ /(.*?error.{0,17})/i ) ) { |
109 | 113 | # filter out smb open/read errors cased by insufficient permissions |
110 | 114 | my $SkipError = 0; |
136 | 140 | $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, result=-13/; |
137 | 141 | $SkipError = 1 if $ThisLine =~ /smb_open: .* open failed, error=-13/; |
138 | 142 | $SkipError = 1 if $ThisLine =~ /block drbd\d+: Out of sync: start=\d+/; |
143 | $SkipError = 1 if $ThisLine =~ /block drbd\d+: updated( sync)? UUIDs?/i; | |
144 | $SkipError = 1 if $ThisLine =~ /block drbd\d+: Resync done/; | |
145 | $SkipError = 1 if $ThisLine =~ /block drbd\d+: cs:(?:Ahead|Behind) rs_left/; | |
146 | $SkipError = 1 if $ThisLine =~ /block drbd\d+: \d+ % had equal checksums, eliminated:/; | |
139 | 147 | $Kernel{$ThisLine}++ if ( (! $SkipError) || ($Detail > 8)) ; |
140 | 148 | } |
141 | 149 | } |
160 | 168 | if (keys %DRBDErrors) { |
161 | 169 | print "\nWARNING: DRBD Errors Present\n"; |
162 | 170 | foreach my $Thisone ( sort {$a cmp $b} keys %DRBDErrors ) { |
163 | print " $Thisone : $DRBDErrors{$Thisone} block(s) out of sync\n"; | |
171 | foreach my $Msg (sort {$a cmp $b} keys %{$DRBDErrors{$Thisone}}) { | |
172 | print " $Thisone: $Msg"; | |
173 | print " : $DRBDErrors{$Thisone}{$Msg} Time(s)" if $DRBDErrors{$Thisone}{$Msg} > 1; | |
174 | print "\n"; | |
175 | } | |
164 | 176 | } |
165 | 177 | } |
166 | 178 |
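Review bot: The out-of-sync branch at new line 107 stores `= 1` while the two branches added below it use `++`, and the block count is now part of the hash key, so every distinct count seen in the log period is listed rather than only the latest one as before. If that is intended, a comment there would help, e.g. `# one entry per distinct block count; repeats are not tallied`. The resync-start messages matched at line 110 also end up under the "WARNING: DRBD Errors Present" heading, which may overstate them. The if/elsif chain starts outside the shown lines.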
40 | 40 | } |
41 | 41 | close(MDADM); |
42 | 42 | |
43 | foreach my $dev (@devices) { | |
43 | DEV: foreach my $dev (@devices) { | |
44 | 44 | my %mdhash; |
45 | 45 | |
46 | open(MDADM,"mdadm --misc --detail $dev |"); | |
46 | open(MDADM,"mdadm --misc --detail $dev 2>&1 |"); | |
47 | 47 | while (<MDADM>) { |
48 | if ($_ =~ /cannot open .*: No such file or directory/) { | |
49 | print $_; | |
50 | close(MDADM); | |
51 | next DEV; | |
52 | } | |
53 | ||
48 | 54 | $mdhash{'level'} = $1 if ($_ =~ /Raid Level ?: ?(.*)$/); |
49 | 55 | $mdhash{'active'} = $1 if ($_ =~ /Active Devices ?: ?(.*)$/); |
50 | 56 | $mdhash{'working'} = $1 if ($_ =~ /Working Devices ?: ?(.*)$/); |
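Review bot: `$dev` is interpolated into a shell command string at new line 46, and the added `2>&1` keeps this a shell invocation, so any shell metacharacter in a device name would be interpreted by the shell. Where `@devices` is filled is outside the shown lines, so whether the names are trusted cannot be confirmed here. A guard before the open would settle it, e.g. `next DEV unless $dev =~ m{\A/dev/[\w.:/-]+\z};` (adjust the character class to the local naming). The return value of `open` is also unchecked, so a missing mdadm binary would give an empty result for the device with no message. The while loop continues outside the shown lines.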
0 | 0 | ########################################################################## |
1 | # $Id: named 198 2014-06-24 21:27:49Z opoplawski $ | |
1 | # $Id: named 234 2014-09-09 16:08:00Z stefjakobs $ | |
2 | 2 | ########################################################################## |
3 | # $Log: named,v $ | |
4 | # Revision 1.62 2011/01/06 22:53:00 stefan | |
5 | # add: deferred zone transfers | |
6 | # fix: TTL differs in rdataset | |
7 | # | |
8 | # Revision 1.61 2010/09/18 17:35:00 stefan | |
9 | # add: bad zone transfer request | |
10 | # | |
11 | # Revision 1.60 2010/05/10 00:25:00 stefan | |
12 | # fix: clients-per-query, | |
13 | # add: more lines to ignore, refused notify, client query denied, retry | |
14 | # limit exceeded, too many open file, no SOA, checkhints | |
15 | # | |
16 | # Revision 1.59.1 2010/05/04 22:25:00 stefan | |
17 | # More refresh: and RCODE handling | |
18 | # | |
19 | # Revision 1.58 2009/06/02 14:55:45 mike | |
20 | # Fedora patch from Ivan Varekova -mgt | |
21 | # | |
22 | # Revision 1.57 2008/03/24 23:31:26 kirk | |
23 | # added copyright/license notice to each script | |
24 | # | |
25 | # Revision 1.56 2007/09/02 01:22:30 mrc | |
26 | # - Zone notify update from Orion Poplawski | |
27 | # | |
28 | # Revision 1.55 2007/08/22 19:13:00 bjorn | |
29 | # Additional filtering, including configuration and control channel errors, | |
30 | # by Ivana Varekova. | |
31 | # | |
32 | # Revision 1.54 2007/08/02 05:13:49 mrc | |
33 | # - Catch unmatched update forwarding denied, automatic empty zone, and | |
34 | # unexpected rcode [Thanks: Orion Poplawski] | |
35 | # - Catch unmatched shutdown failure messages | |
36 | # | |
37 | # Revision 1.53 2007/07/08 18:44:51 mrc | |
38 | # Catch unmatched zone update refusals, including viewname in output [Thanks: Ã…ge Strand] | |
39 | # | |
40 | # Revision 1.52 2007/04/28 20:58:39 bjorn | |
41 | # More generic RCODE handling - prints summary of unexpected DNS RCODEs. | |
42 | # | |
43 | # Revision 1.51 2007/04/15 20:03:25 bjorn | |
44 | # Filtering updating zones with views, based on submittal by | |
45 | # Jesper K. Pedersen. | |
46 | # | |
47 | # Revision 1.50 2007/02/16 03:36:25 bjorn | |
48 | # Filtering some D-BUS statements, by Ivana Varekova. | |
49 | # | |
50 | # Revision 1.49 2007/01/29 18:28:38 bjorn | |
51 | # Better formatting of output, by Markus Lude. | |
52 | # | |
53 | # Revision 1.48 2006/11/12 21:14:02 bjorn | |
54 | # Filtering 'transfer started' message, by Russell Coker / Tom London. | |
55 | # | |
56 | # Revision 1.47 2006/10/20 21:02:00 bjorn | |
57 | # Typo fixed by Alex S. | |
58 | # | |
59 | # Revision 1.46 2006/10/20 16:44:38 bjorn | |
60 | # Changed regexp to handle IPV6, by Willi Mann. | |
61 | # | |
62 | # Revision 1.45 2006/09/15 15:40:58 bjorn | |
63 | # Additional filtering by Ivana Varekova. | |
64 | # | |
65 | # Revision 1.44 2006/03/20 20:42:57 bjorn | |
66 | # Additional filtering, by Ivana Varekova. | |
67 | # | |
68 | # Revision 1.43 2005/11/30 05:01:44 bjorn | |
69 | # Don't search for info: string (for Debian), by Willi Mann. | |
70 | # | |
71 | # Revision 1.42 2005/11/24 16:48:30 bjorn | |
72 | # Handles additional statements, by Ivana Varekova. | |
73 | # | |
74 | # Revision 1.41 2005/09/29 15:02:52 bjorn | |
75 | # Filtering 'succeeded' by Ivana Varekova. | |
76 | # | |
77 | # Revision 1.40 2005/04/15 21:44:35 bjorn | |
78 | # testing from anonymous | |
79 | # | |
80 | # Revision 1.39 2005/04/15 21:36:59 bjorn | |
81 | # typo fixed in 'named' release during 2004 | |
82 | # | |
83 | # Revision 1.38 2005/04/13 17:24:13 kirk | |
84 | # Test change | |
85 | # | |
86 | # Revision 1.37 2005/02/24 17:08:04 kirk | |
87 | # Applying consolidated patches from Mike Tremaine | |
88 | # | |
89 | # Revision 1.9 2005/02/21 19:09:52 mgt | |
90 | # Bump to 5.2.8 removed some cvs logs -mgt | |
91 | # | |
92 | # Revision 1.8 2005/02/16 00:43:28 mgt | |
93 | # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt | |
94 | # | |
95 | # Revision 1.7 2005/02/13 17:15:40 mgt | |
96 | # perl -w corrections for uninit stuff -mgt | |
97 | # | |
98 | # Revision 1.6 2004/10/11 18:14:47 mgt | |
99 | # update from Laurent -mgt | |
100 | # | |
101 | # Revision 1.41 2004/09/29 10:33:29 laurent Dufour <laurent.dufour@havas.com> | |
102 | # Removed some ^ in regex to prevent message not being in start on line to be matched | |
103 | # Added some check for error in named zone config file | |
104 | # Added some check for message not being matched | |
105 | # | |
106 | # Revision 1.4 2004/07/29 19:33:29 mgt | |
107 | # Chmod and removed perl call -mgt | |
108 | # | |
109 | # Revision 1.3 2004/07/10 01:54:35 mgt | |
110 | # sync with kirk -mgt | |
111 | # | |
112 | ######################################################################### | |
113 | 3 | |
114 | 4 | ##################################################### |
115 | 5 | ## Copyright (c) 2008 Kirk Bauer |
180 | 70 | ($ThisLine =~ /Response from unexpected source/) or |
181 | 71 | ($ThisLine =~ /No root nameservers for class IN/) or |
182 | 72 | ($ThisLine =~ /recvfrom: No route to host/) or |
183 | ($ThisLine =~ /(C|c)onnection refused/) or | |
184 | ($ThisLine =~ /lame server resolving/) or | |
185 | 73 | ($ThisLine =~ /transfer of/) or |
186 | 74 | ($ThisLine =~ /using \d+ CPU/) or |
187 | 75 | ($ThisLine =~ /loading configuration/) or |
255 | 143 | ($ThisLine =~ /corporation. Support and training for BIND \d+ are/) or |
256 | 144 | ($ThisLine =~ /available at https:\/\/www.isc.org\/support/) or |
257 | 145 | ($ThisLine =~ /----------------------------------------------------/) or |
146 | ($ThisLine =~ /next key event: /) or | |
147 | ($ThisLine =~ /reconfiguring zone keys/) or | |
148 | ($ThisLine =~ /using built-in DLV key/) or | |
149 | ($ThisLine =~ /reading built-in trusted keys from file/) or | |
150 | ($ThisLine =~ /all zones loaded/) or | |
258 | 151 | # ignore this line because the following line describes the error |
259 | 152 | ($ThisLine =~ /unexpected error/) |
260 | 153 | ) { |
297 | 190 | $ZoneExpired{$Zone}++; |
298 | 191 | } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\: loaded serial/ ) ) { |
299 | 192 | $ZoneLoaded{$Zone}++; |
193 | } elsif ( (undef,$Addr,$Server) = ( $ThisLine =~ /(C|c)onnection refused\)? resolving '(.+)': (.+)/ ) ) { | |
194 | $ConnectionRefused{$Addr}{$Server}++; | |
300 | 195 | } elsif ( (undef,$Addr,undef,$Server) = ( $ThisLine =~ /ame server (on|resolving) '(.+)' \(in .+\):\s+(\[.+\]\.\d+)?\s*'?(.+)'?:?/ ) ) { |
301 | $LameServer{"$Addr ($Server)"}++; | |
196 | $LameServer{$Addr}{$Server}++; | |
302 | 197 | } elsif ( ($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ ) ) { |
303 | 198 | $ZoneRemoved{$Zone}++; |
304 | 199 | } elsif ( ($Zone) = ( $ThisLine =~ /received notify for zone '(.*)'/ ) ) { |
392 | 287 | $NoSOA{$Client}++; |
393 | 288 | } elsif (($Hint) = ($ThisLine =~ /checkhints: (.*)/) ) { |
394 | 289 | $Hints{$Hint}++; |
290 | } elsif ($ThisLine =~ /^samba_dlz:/) { | |
291 | if ( ($Rhost, $Error) = ($ThisLine =~ /disallowing update of signer=.* name=(.*) type=.* error=(.*)/ )) { | |
292 | $UpdateDenied{"$Rhost ($Error)"}++; | |
293 | } | |
294 | # ignore rest of samba4 dlz entries for now | |
395 | 295 | } else { |
396 | 296 | # Report any unmatched entries... |
397 | 297 | # remove PID from named messages |
542 | 442 | } |
543 | 443 | } |
544 | 444 | |
445 | if ( ( $Detail >= 10 ) and (keys %ConnectionRefused) ) { | |
446 | print "\nConnection refused resolving:\n"; | |
447 | foreach $Addr (sort keys %ConnectionRefused) { | |
448 | print " $Addr:\n"; | |
449 | foreach $Server (sort SortIP keys %{$ConnectionRefused{$Addr}}) { | |
450 | print " $Server: $ConnectionRefused{$Addr}{$Server} Time(s)\n"; | |
451 | } | |
452 | } | |
453 | } | |
454 | ||
545 | 455 | if ( ( $Detail >= 10 ) and (keys %LameServer) ) { |
546 | 456 | print "\nThese addresses had lame server references:\n"; |
547 | foreach $ThisOne (keys %LameServer) { | |
548 | print " $ThisOne: $LameServer{$ThisOne} Time(s)\n"; | |
457 | foreach $Addr (sort keys %LameServer) { | |
458 | print " $Addr:\n"; | |
459 | foreach $Server (sort SortIP keys %{$LameServer{$Addr}}) { | |
460 | print " $Server: $LameServer{$Addr}{$Server} Time(s)\n"; | |
461 | } | |
549 | 462 | } |
550 | 463 | } |
551 | 464 |
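Review bot: The new `samba_dlz:` branch at new line 290 swallows every line with that prefix that is not a "disallowing update" message, so errors from the DLZ module never reach the unmatched-entries report. The comment at line 294 says this is temporary; it would be clearer as `# TODO: all other samba_dlz lines, including errors, are dropped here and do not appear as unmatched`. The captures `name=(.*)` and `error=(.*)` are greedy, which is presumably fine for the single-line format but worth confirming against a sample log line. The if/elsif chain begins and ends outside the shown lines.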
0 | 0 | use strict; |
1 | 1 | ########################################################################## |
2 | # $Id: pam_unix 164 2013-08-19 10:22:38Z stefjakobs $ | |
2 | # $Id: pam_unix 215 2014-09-08 20:45:36Z stefjakobs $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log: pam_unix,v $ |
5 | 5 | # Revision 1.36 2011/01/05 22:01:00 stefan |
170 | 170 | } elsif ($line =~ s/^session opened for user (.+) by LOGIN\(uid=\d+\)/$1/) { |
171 | 171 | $data{$service}{'Sessions Opened'}{$line}++; |
172 | 172 | } elsif ($line =~ /session closed for user/) { |
173 | # ignore this line | |
173 | } elsif ($line =~ /^service\(sshd\) ignoring max retries/) { | |
174 | # ignore these lines | |
174 | 175 | } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s+user=(\S*)$/$2 ($1)/) { |
175 | 176 | $data{$service}{'Authentication Failures'}{$line}++; |
176 | 177 | } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s*$/unknown ($1)/) { |
181 | 182 | $data{$service}{'Authentication Failures'}{$line}++; |
182 | 183 | } elsif ($line =~ s/^(\d+) more authentication failures?; .*rhost=(\S*)\s+user=(\S*)$/$3 ($2)/) { |
183 | 184 | $data{$service}{'Authentication Failures'}{$line} += $1; |
184 | } elsif ($line =~ s/^(\d+) more authentication failures?; .*rhost=(\S*)$/unknown ($2)/) { | |
185 | } elsif ($line =~ s/^(\d+) more authentication failures?; .*rhost=(\S*)\s*$/unknown ($2)/) { | |
185 | 186 | $data{$service}{'Authentication Failures'}{$line} += $1; |
186 | 187 | } elsif ($line =~ /check pass; user unknown/) { |
187 | 188 | $data{$service}{'Invalid Users'}{'Unknown Account'}++; |
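Review bot: The ignore pattern added at new line 173 names `sshd` literally, so the same "ignoring max retries" message from another PAM service would fall through to the later branches, presumably ending up as an unmatched entry. If the message is meant to be dropped for every service, `} elsif ($line =~ /^service\([^)]+\) ignoring max retries/) {` covers them. The edit also moves the ignore comment under the new branch, leaving the "session closed" branch with an empty body; a `# ignore this line` comment there would keep its intent visible. The chain continues outside the shown lines.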
54 | 54 | no warnings "uninitialized"; |
55 | 55 | use re 'taint'; |
56 | 56 | |
57 | our $Version = '1.40.00'; | |
57 | our $Version = '1.40.03'; | |
58 | 58 | our $progname_prefix = 'postfix'; |
59 | 59 | |
60 | 60 | # Specifies the default configuration file for use in standalone mode. |
3585 | 3585 | } |
3586 | 3586 | |
3587 | 3587 | # Client TLS messages |
3588 | elsif ( ($status,$host,$type) = ($p1 =~ /^(?:(Verified|Trusted|Untrusted) )?TLS connection established to ([^ ]*): (.*)$/o)) { | |
3588 | elsif ( ($status,$host,$type) = ($p1 =~ /^(?:(Verified|Trusted|Untrusted|Anonymous) )?TLS connection established to ([^ ]*): (.*)$/o)) { | |
3589 | 3589 | #TD TLS connection established to example.com: TLSv1 with cipher AES256-SHA (256/256 bits) |
3590 | 3590 | # Postfix 2.5+: peer verification status: Untrusted, Trusted or Verified when |
3591 | 3591 | # server's trust chain is valid and peername is matched |
3930 | 3930 | push @ignore_list, qr/^report recipient to all milters /; |
3931 | 3931 | push @ignore_list, qr/_action = defer_if_permit$/; |
3932 | 3932 | push @ignore_list, qr/^reject_invalid_hostname: /; |
3933 | push @ignore_list, qr/^cfg_get_/; | |
3934 | push @ignore_list, qr/^sacl_check: /; | |
3933 | 3935 | |
3934 | 3936 | # non-anchored |
3935 | 3937 | #push @ignore_list, qr/: Greylisted for /; |
4737 | 4739 | #TDsd warning: Read failed in network_biopair_interop with errno=0: num_read=0, want_read=11 |
4738 | 4740 | #TDs warning: Read failed in network_biopair_interop with errno=0: num_read=0, want_read=11 |
4739 | 4741 | $warning =~ s/^(Read failed in network_biopair_interop) with .*$/$1/; |
4742 | ||
4743 | =cut | |
4744 | $warning =~ s/^(TLS library problem: )\d+:(error:.*)$/$1$2/; | |
4745 | $warning =~ s/^(network_biopair_interop: error reading) \d+ bytes(.*)$/$1$2/; | |
4746 | ||
4747 | 1 TLS library problem: 10212:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher... | |
4748 | 1 TLS library problem: 10217:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher... | |
4749 | 1 network_biopair_interop: error reading 1102 bytes from the network: Connection reset by peer | |
4750 | 1 network_biopair_interop: error reading 1120 bytes from the network: Connection reset by peer | |
4751 | =cut | |
4752 | ||
4740 | 4753 | |
4741 | 4754 | $Totals{'warningsother'}++; return unless ($Collecting{'warningsother'}); |
4742 | 4755 | $Counts{'warningsother'}{$warning}++; |
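Review bot: The two substitutions added at new lines 4744-4745 sit between a pair of `=cut` lines, which perl treats as POD and skips, so they never run and the per-process number stays in the warning text. The sample lines in the same block show the effect: each "TLS library problem" entry is counted once under its own key. Either enable the substitutions or open the block with `=pod` and one sentence on why they are disabled. Starting a POD block with `=cut` is accepted by perl but reads as a stray terminator. The enclosing sub starts and ends outside the shown lines.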
0 | 0 | ######################################################################### |
1 | # $Id: secure 189 2014-02-07 13:56:36Z stefjakobs $ | |
1 | # $Id: secure 231 2014-09-09 12:59:24Z stefjakobs $ | |
2 | 2 | ########################################################################## |
3 | 3 | # $Log: secure,v $ |
4 | 4 | # Revision 1.86 2009/11/14 16:26:41 kirk |
350 | 350 | } elsif ( ($Service,undef,$Name,$IP) = ($ThisLine =~ /^([^ ]+)\[\d+\]: warning: ([^ ]+), line \d+: host name\/name mismatch: ([^ ]+) != ([^ ]+)$/) ) { |
351 | 351 | $NameVerifyFail{$Service}{"$Name != $IP"}++; |
352 | 352 | } elsif ( ($Display, $User) = ($ThisLine =~ /^xscreensaver\[\d+\]: FAILED LOGIN \d ON DISPLAY \"([^ ]+)\", FOR \"([^ ]+)\"$/) ) { |
353 | $FailedSaver{$User}{$Display}++; | |
353 | $FailedSaver->{$User}->{$Display}++; | |
354 | 354 | } elsif ( $ThisLine =~ s/^([^ ]+)\[\d+\]: warning: can\'t get client address: No route to host$/$1/ ) { |
355 | 355 | $NoIP->{$ThisLine}++; |
356 | 356 | } elsif ( $ThisLine =~ s/^([^ ]+)\[\d+\]: warning: can\'t get client address: Network is unreachable$/$1/ ) { |
687 | 687 | print "\nFailed screensaver disable:\n"; |
688 | 688 | foreach $User (sort {$a cmp $b} keys %{$FailedSaver}) { |
689 | 689 | print " User $User on displays:\n"; |
690 | foreach $Display (sort {$a cmp $b} keys %{$FailedSaver{$User}}) { | |
691 | print " $Display : $FailedSaver{$User}{$Display} Time(s)\n"; | |
690 | foreach $Display (sort {$a cmp $b} keys %{$FailedSaver->{$User}}) { | |
691 | print " $Display : " . $FailedSaver->{$User}->{$Display} . " Time(s)\n"; | |
692 | 692 | } |
693 | 693 | } |
694 | 694 | } |
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: sendmail 150 2013-06-18 22:19:38Z mtremaine $ | |
2 | # $Id: sendmail 220 2014-09-09 09:35:36Z stefjakobs $ | |
3 | 3 | ########################################################################## |
4 | 4 | # $Log: sendmail,v $ |
5 | 5 | # Revision 1.97 2008/03/24 23:31:26 kirk |
904 | 904 | } elsif ($ThisLine=~ /^headers too large .* from (.*) during message collect$/) { |
905 | 905 | $LargeHdrs{$1}++; |
906 | 906 | # file=srvrsmtp.c, LogLevel>5, LOG_INFO |
907 | } elsif ($ThisLine=~ /(\S*) ?\[([0-9\.]+)\](?: \(may be forged\))?: (\S+) (\S+) \[rejected\]/i) { | |
908 | chomp($Host=$2." ". (defined($1) ? "(".$1.")" : "(unresolved)") ); | |
909 | $Luser=$4; | |
910 | $RejCmd=uc $3; | |
907 | } elsif ($ThisLine=~ /(\S*) ?\[(IPv6:)?([0-9A-F\.:]+)\](?: \(may be forged\))?: (\S+) (\S+) \[rejected\]/i) { | |
908 | chomp($Host=$3." ". (defined($1) ? "(".$1.")" : "(unresolved)") ); | |
909 | $Luser=$5; | |
910 | $RejCmd=uc $4; | |
911 | 911 | $Abuse{$Host}{$Luser}{$RejCmd}++; |
912 | 912 | # file=srvrsmtp.c, LogLevel>5, LOG_INFO |
913 | } elsif ( $ThisLine =~ /\[([0-9\.]+)]: ETRN (\S+)/ ) { | |
914 | chomp($ETRN=$2." from ".$1); | |
913 | } elsif ( $ThisLine =~ /\[(IPv6:)?([0-9A-F\.:]+)]: ETRN (\S+)/i ) { | |
914 | chomp($ETRN=$3." from ".$2); | |
915 | 915 | $ETRNs{$ETRN}++; |
916 | 916 | # file=conf.c, LogLevel>8, LOG_NOTICE |
917 | 917 | } elsif ( $ThisLine =~ /rejecting connections on daemon [^ ]+: load average: ([0-9]+)/ ) { |
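Review bot: In the rewritten line 908, `defined($1)` is always true when the match succeeds, because `(\S*)` can match the empty string. The `(unresolved)` branch is therefore unreachable, and a line with no host name yields `()`. Testing the length fixes it: `chomp($Host=$3." ". (length($1) ? "(".$1.")" : "(unresolved)") );`. The address class `[0-9A-F\.:]+` under `/i` also accepts strings that are not valid addresses, which is presumably acceptable for a log summary. The chain continues outside the shown lines.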
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: smartd 182 2014-01-26 12:46:02Z stefjakobs $ | |
3 | ########################################################################## | |
4 | # $Log: smartd,v $ | |
5 | # Revision 1.26 2009/06/02 15:01:34 mike | |
6 | # Fedora patch from Ivan Varekova -mgt | |
7 | # | |
8 | # Revision 1.25 2008/12/09 18:24:24 mike | |
9 | # Patch from Stefan Jakobs for new smartd with SATA support -mgt | |
10 | # | |
11 | # Revision 1.24 2008/06/30 20:47:20 kirk | |
12 | # fixed copyright holders for files where I know who they should be | |
13 | # | |
14 | # Revision 1.23 2008/03/24 23:31:27 kirk | |
15 | # added copyright/license notice to each script | |
16 | # | |
17 | # Revision 1.22 2008/01/16 20:22:38 bjorn | |
18 | # Makes reporting of SCSI and IDE uniform, by Tom Shield. | |
19 | # | |
2 | # $Id: smartd 239 2014-09-16 20:14:12Z opoplawski $ | |
20 | 3 | ########################################################################## |
21 | 4 | |
22 | 5 | ####################################################### |
60 | 43 | my %UnavailableDev = (); |
61 | 44 | my %SataDisk = (); |
62 | 45 | my %CheckFailed = (); |
46 | my %Monitoring = (); | |
47 | my %DeviceInfo = (); | |
63 | 48 | |
64 | 49 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
65 | 50 | my $IgnoreUnmatched = $ENV{'smartd_ignore_unmatched'} || 0; |
68 | 53 | chomp($ThisLine); |
69 | 54 | if ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), No such device(?: or address)?, open\(\) failed/ )) { |
70 | 55 | # ignore |
71 | } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), is SMART capable. Adding to "monitor" list./ )) { | |
56 | } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), open\(\) failed: No such device(?: or address)?/ )) { | |
72 | 57 | # ignore |
73 | 58 | } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), found in smartd database./ )) { |
74 | 59 | # ignore |
98 | 83 | # ignore |
99 | 84 | } elsif ( ($Device,$Msg) = ($ThisLine =~ /^# *[0-9]+ Offline *Fatal or unknown error/ )) { |
100 | 85 | # ignore |
101 | } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), not capable of SMART self-check/ )) { | |
86 | } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), not capable of SMART (Health Status |self-)check/ )) { | |
102 | 87 | # ignore |
103 | 88 | } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), is in STANDBY mode, skipping checks/ )) { |
104 | 89 | # ignore |
115 | 100 | } elsif ( ($Device,$Msg) = ($ThisLine =~ /^ *$/ )) { |
116 | 101 | # ignore empty lines |
117 | 102 | } elsif ( ($ThisLine =~ /^smartd version/) |
118 | || ($ThisLine =~ /^Home page/) | |
119 | || ($ThisLine =~ /^smartd .*Copyright \(C\) [0-9-]+ by Bruce Allen/) | |
120 | || ($ThisLine =~ /configuration file/i) | |
121 | || ($ThisLine =~ /\[trip Temperature is \d+ Celsius\]/) | |
122 | || ($ThisLine =~ /^Monitoring/) | |
123 | || ($ThisLine =~ /smartd received signal 15: Terminated/) | |
124 | || ($ThisLine =~ /smartd is exiting \(exit status 0\)/) | |
125 | || ($ThisLine =~ /smartd has fork/) | |
126 | || ($ThisLine =~ /smartd (startup|shutdown) succeeded/) | |
127 | || ($ThisLine =~ /Unable to register device (.*) \(no Directive -d removable\). Exiting/) | |
128 | || ($ThisLine =~ /Device (.*), SATA disks accessed via libata are not currently supported by smartmontools./) | |
129 | || ($ThisLine =~ /Device: (.*), IE \(SMART\) not enabled, skip device Try '.*' to turn on SMART features/) | |
130 | || ($ThisLine =~ /Device: (.*), Bad IEC (SMART) mode page, err=-5, skip device/) | |
131 | || ($ThisLine =~ /Drive: DEVICESCAN, implied '-a' Directive on line [\d]+ of file/) | |
132 | || ($ThisLine =~ /packet devices \[this device CD\/DVD\] not SMART capable/) | |
133 | || ($ThisLine =~ /System clock time adjusted to the past/) ) | |
103 | || ($ThisLine =~ /^smartd [0-9.]+ [0-9-]+ r[0-9]+ \[.*\]/) | |
104 | || ($ThisLine =~ /^Home page/) | |
105 | || ($ThisLine =~ /Copyright \(C\) [0-9-]+(?: by|,) Bruce Allen/) | |
106 | || ($ThisLine =~ /configuration file/i) | |
107 | || ($ThisLine =~ /\[trip Temperature is \d+ Celsius\]/) | |
108 | || ($ThisLine =~ /^Monitoring/) | |
109 | || ($ThisLine =~ /smartd received signal 15: Terminated/) | |
110 | || ($ThisLine =~ /smartd is exiting \(exit status 0\)/) | |
111 | || ($ThisLine =~ /smartd has fork/) | |
112 | || ($ThisLine =~ /smartd (startup|shutdown) succeeded/) | |
113 | || ($ThisLine =~ /Unable to register device (.*) \(no Directive -d removable\). Exiting/) | |
114 | || ($ThisLine =~ /Device (.*), SATA disks accessed via libata are not currently supported by smartmontools./) | |
115 | || ($ThisLine =~ /Device: (.*), IE \(SMART\) not enabled, skip device/) | |
116 | || ($ThisLine =~ /^Try '.*' to turn on SMART features/) | |
117 | || ($ThisLine =~ /Device: (.*), Bad IEC (SMART) mode page, err=-5, skip device/) | |
118 | || ($ThisLine =~ /Drive: DEVICESCAN, implied '-a' Directive on line [\d]+ of file/) | |
119 | || ($ThisLine =~ /packet devices \[this device CD\/DVD\] not SMART capable/) | |
120 | || ($ThisLine =~ /System clock time adjusted to the past/) ) | |
134 | 121 | { |
135 | 122 | # ignore |
136 | 123 | |
124 | } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), is SMART capable. Adding to "monitor" list./ )) { | |
125 | $Monitoring{$Device} = 1; | |
126 | } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), ([^,]+, S\/N:[^,]+,.* FW:.*)/ )) { | |
127 | $DeviceInfo{$Device} = $Msg; | |
128 | } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), (\[[^,]+, lu id: .*)/ )) { | |
129 | $DeviceInfo{$Device} = $Msg; | |
137 | 130 | # } elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), (.*)$/)) { |
138 | 131 | # $ParamChanges{$Device}{$Msg}++; |
139 | 132 | } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), not found in smartd database./ )) { |
140 | 133 | $NotInDatabase{$Device}++; |
141 | } elsif ( my ($Device,$AttribType,$Code,$Name,undef,undef,undef,$RawVal) = ($ThisLine =~ /^Device: ([^,]+), SMART ([A-Za-z]+) Attribute: ([0-9]+) (Temperature_Celsius) changed from ([0-9]+) (\[Raw [0-9]+\]) to ([0-9]+) \[Raw ([0-9]+)\]/)) { | |
134 | } elsif ( my ($Device,$AttribType,$Code,$Name,undef,undef,undef,$RawVal) = ($ThisLine =~ /^Device: ([^,]+), SMART ([A-Za-z]+) Attribute: ([0-9]+) (Temperature_Celsius) changed from ([0-9]+) (\[Raw [0-9]+(?: \([0-9]+\s[0-9]+\s[0-9]+\s[0-9]+(?:\s[0-9])?\))?\]) to ([0-9]+) \[Raw ([0-9]+)(?: \([0-9]+\s[0-9]+\s[0-9]+\s[0-9]+(?:\s[0-9])?\))?\]/)) { | |
142 | 135 | push @{$TempChanges{$Device}}, $RawVal; |
143 | 136 | # smartd reports temperature changes this way only for SCSI disks |
144 | 137 | } elsif ( my ($Device,$AttribType,$Code,$Name,undef,undef,$NewVal) = ($ThisLine =~ /^Device: ([^,]+), SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+) changed from ([0-9]+) (\[Raw [0-9]+\] )?to ([0-9]+)/)) { |
215 | 208 | } |
216 | 209 | |
217 | 210 | if (keys %CantMonitor) { |
218 | foreach my $Device (sort keys %ParamChanges) { | |
211 | foreach my $Device (sort keys %CantMonitor) { | |
219 | 212 | print "\n$Device :\n"; |
220 | 213 | foreach my $Line (sort keys %{$CantMonitor{$Device}}) { |
221 | 214 | print " $Line - " . $CantMonitor{$Device}{$Line} . " Time(s)\n"; |
359 | 352 | print "\n"; |
360 | 353 | } |
361 | 354 | |
355 | if (keys %Monitoring and $Detail > 7) { | |
356 | print "\nMonitoring:\n"; | |
357 | foreach my $Device (sort keys %Monitoring) { | |
358 | print "\t$Device"; | |
359 | if (defined($DeviceInfo{$Device})) { | |
360 | print ": $DeviceInfo{$Device}\n"; | |
361 | } else { | |
362 | print "\n"; | |
363 | } | |
364 | } | |
365 | } | |
366 | ||
362 | 367 | if ((%OtherList) and (not $IgnoreUnmatched)){ |
363 | 368 | print "\n**Unmatched Entries**\n"; |
364 | 369 | foreach my $line (sort keys %OtherList) { |
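Review bot: In the ignore list at new line 117 the parentheses in `Bad IEC (SMART) mode page` are unescaped, so they form a capture group and the pattern only matches text without the literal parentheses. The pattern two lines above escapes them as `\(SMART\)`. The line should read `|| ($ThisLine =~ /Device: (.*), Bad IEC \(SMART\) mode page, err=-5, skip device/)`. In the Temperature_Celsius pattern at line 134 the optional fifth raw field is `(?:\s[0-9])?`, a single digit, where the other four fields use `[0-9]+`; presumably `[0-9]+` was intended there as well.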
0 | 0 | ########################################################################## |
1 | # $Id: sshd 174 2013-11-08 17:01:58Z opoplawski $ | |
1 | # $Id: sshd 240 2014-09-22 12:55:12Z stefjakobs $ | |
2 | 2 | ########################################################################## |
3 | 3 | # $Log: sshd,v $ |
4 | 4 | # Revision 1.79 2011/01/05 10:49:03 stefan |
261 | 261 | ($ThisLine =~ m/^Disconnecting: server_input_channel_req: unknown channel -?\d+/) or |
262 | 262 | ($ThisLine =~ m/^connect from \d+\.\d+\.\d+\.\d+/) or |
263 | 263 | ($ThisLine =~ m/^fatal: Timeout before authentication/ ) or |
264 | ($ThisLine =~ m/^fatal: no hostkey alg/) or | |
264 | 265 | ($ThisLine =~ m/Connection from .* port /) or |
265 | 266 | ($ThisLine =~ m/Postponed (keyboard-interactive|publickey) for [^ ]+ from [^ ]+/) or |
266 | 267 | ($ThisLine =~ m/Read from socket failed/) or |
287 | 288 | ($ThisLine =~ /pam_winbind\(sshd:account\): user .* OK/) or |
288 | 289 | ($ThisLine =~ /pam_systemd\(sshd:session\): Moving/) or |
289 | 290 | ($ThisLine =~ /PAM \d+ more authentication failures?;/) or |
291 | ($ThisLine =~ /^PAM service\(sshd\) ignoring max retries;/) or | |
290 | 292 | ($ThisLine =~ /^Failed keyboard-interactive for <invalid username> from/ ) or |
291 | 293 | ($ThisLine =~ /^Keyboard-interactive \(PAM\) userauth failed/ ) or |
292 | 294 | ($ThisLine =~ /^debug1: /) or |
321 | 323 | ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or |
322 | 324 | ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or |
323 | 325 | ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or |
326 | ($ThisLine =~ m/^fatal: Write failed: Connection reset by peer/) or | |
324 | 327 | ($ThisLine =~ m/^channel \d+: open failed: (?:connect failed: Channel open failed\.|administratively prohibited: open failed)/) or |
325 | 328 | ($ThisLine =~ m/^session_input_channel_req: no session \d+ req window-change/) or |
326 | 329 | ($ThisLine =~ m/^error: chan_shutdown_read failed for .+/) |
380 | 383 | } elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) { |
381 | 384 | $RefusedAuthentication{$Reason}++; |
382 | 385 | } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) { |
383 | $DisconnectReceived{$Reason}{$Host}++; | |
386 | # Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO | |
387 | if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;} | |
384 | 388 | } elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) { |
385 | 389 | $RootLogin{$Host}++; |
386 | 390 | } elsif ( my ($Error) = ($ThisLine =~ /^Cannot release PAM authentication\[\d\]: (.*)$/)) { |
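Review bot: The new guard `if ($Reason != 11)` in the `Received disconnect from` branch compares a free-text capture numerically. `$Reason` comes from `(.*)`, so the test only works through Perl's leading-digit numification (with a "not numeric" warning where warnings are enabled), and any reason that does not start with a number is compared as 0. It also drops every reason-11 disconnect from the report, although that code is sent by any client that closes the session itself, presumably including clients that disconnect before authenticating, so those hosts no longer appear in this section. I would match the prefix explicitly and keep pre-authentication entries if the log line marks them, e.g. `if ($Reason !~ /^11:/ or $Reason =~ /\[preauth\]/) {$DisconnectReceived{$Reason}{$Host}++;}`. The enclosing if/elsif chain starts and ends outside this hunk.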
0 | #!/usr/bin/perl | |
0 | 1 | |
1 | 2 | ########################################################################## |
2 | # $Id: stunnel 167 2013-08-19 10:28:43Z stefjakobs $ | |
3 | # $Id: stunnel 238 2014-09-16 08:00:55Z stefjakobs $ | |
3 | 4 | ########################################################################## |
4 | 5 | |
5 | 6 | ####################################################### |
23 | 24 | |
24 | 25 | my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0; |
25 | 26 | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; |
26 | my $allowedServicesInput = $ENV{'stunnel_allowed_services'} || ""; | |
27 | 27 | |
28 | 28 | my $DebugCounter = 0; |
29 | my $Top = $ENV{'stunnel_print_top'} || 20; | |
29 | 30 | |
30 | 31 | if ( $Debug >= 5 ) { |
31 | 32 | print STDERR "\n\nDEBUG: Inside stunnel Filter \n\n"; |
35 | 36 | my @OtherList = (); |
36 | 37 | my %OtherList = (); |
37 | 38 | my %connections = (); |
38 | my %connectionsAllowed = (); | |
39 | my %log_connections = (); | |
40 | 39 | my %versioninfo = (); |
40 | my %errors = (); | |
41 | my %notices = (); | |
41 | 42 | my $sockdata = 0; |
42 | 43 | my $ssldata = 0; |
43 | ||
44 | $allowedServicesInput =~ s/[\t ]*,[\t ]*/,/g; | |
45 | my %allowedServices = (); | |
46 | @allowedServices{split(/,/, $allowedServicesInput)} = (); | |
47 | ||
48 | if ($Debug >= 5) { | |
49 | print "Allowed services are set to: \n"; | |
50 | foreach my $allowedService (sort keys %allowedServices) { | |
51 | print $allowedService, "\n"; | |
52 | } | |
53 | print "\n\n\n"; | |
54 | } | |
55 | 44 | |
56 | 45 | sub other { |
57 | 46 | my $msg = shift; |
65 | 54 | |
66 | 55 | my $ThisLine; |
67 | 56 | while (defined($ThisLine = <STDIN>)) { |
57 | $ThisLine =~ s/LOG\d\[\d{1,5}:\d{15}\]: (.*)/$1/; | |
68 | 58 | if ( $Debug >= 5 ) { |
69 | 59 | print STDERR "DEBUG($DebugCounter): $ThisLine"; |
70 | 60 | $DebugCounter++; |
71 | 61 | } |
72 | 62 | chomp($ThisLine); |
73 | my ($logid) = ($ThisLine =~ /^LOG\d\[(\d+:\d+)\]:/); | |
74 | # remove leading log level and ID, eg 'LOG5[2411:3084352400]: ' | |
75 | $ThisLine =~ s/^LOG\d\[\d+:\d+\]: //; | |
76 | ||
77 | if ( ($ThisLine =~ m/^SSL_read: Connection reset by peer/) | |
78 | ) { | |
79 | # ignore | |
80 | } elsif ($ThisLine =~ m/^(.+) connected from (\d+\.\d+\.\d+\.\d+)/) { | |
63 | my $origline = $ThisLine; | |
64 | if ($ThisLine =~ m/^(.+) connected from (\d+\.\d+\.\d+\.\d+)/) { | |
81 | 65 | my $service = $1; |
82 | 66 | my $ip = $2; |
83 | if (exists($allowedServices{$service})) { | |
84 | ++$connectionsAllowed{$service}; | |
85 | } else { | |
86 | ++$connections{$service}{$ip}; | |
67 | if (! exists($connections{$service}{$ip})) { | |
68 | $connections{$service}{$ip} = 0; | |
87 | 69 | } |
88 | } elsif ($ThisLine =~ m/^stunnel accepted connection from (\d+\.\d+\.\d+\.\d+):\d+/) { | |
89 | $log_connections{$logid}{client} = $1; | |
90 | } elsif ($ThisLine =~ m/^stunnel connected remote server from (\d+\.\d+\.\d+\.\d+):\d+/) { | |
91 | $log_connections{$logid}{source} = $1; | |
92 | } elsif ($ThisLine =~ m/^connect_blocking: connected (\d+\.\d+\.\d+\.\d+:\d+)/) { | |
93 | $log_connections{$logid}{service} = $1; | |
70 | ++$connections{$service}{$ip}; | |
94 | 71 | } elsif ($ThisLine =~ m/^Connection (reset|closed): (\d+) bytes sent to SSL, (\d+) bytes sent to socket/) { |
95 | 72 | $ssldata += $2; |
96 | 73 | $sockdata += $3; |
97 | 74 | } elsif ($ThisLine =~ m/^Connection (reset|closed)/) { |
98 | 75 | # ignore |
99 | } elsif ($ThisLine =~ m/^Threading:[\w]+ SSL:[\w]+/) { | |
76 | } elsif ($ThisLine =~ m/^connect_blocking: connected/) { | |
100 | 77 | # ignore |
101 | } elsif ($ThisLine =~ m/^stunnel [\d\.]+ on [\w\-]+([\w\+\s]+)?with OpenSSL [\w\.\-]+ \d+ \w+ \d+/) { | |
78 | } elsif ($ThisLine =~ m/^Log file reopened$/) { | |
79 | # ignore | |
80 | } elsif ($ThisLine =~ m/^SSL socket closed on SSL_read with \d+ byte\(s\) in buffer$/) { | |
81 | # ignore | |
82 | } elsif ($ThisLine =~ m/^stunnel [\d\.]+ on [\w\-]+ [\w\+]+ with OpenSSL [\w\.]+ \d+ \w+ \d+/) { | |
102 | 83 | $versioninfo{$ThisLine} = 1; |
84 | } elsif ($ThisLine =~ m/^Service (\S+) accepted connection from ([0-9a-fA-F.:]+):\d{1,5}/) { | |
85 | $connections{$1}{$2}++; | |
86 | } elsif ($ThisLine =~ m/^Service (\S+) connected remote server from ([0-9a-fA-F.:]+):\d{1,5}/) { | |
87 | $connections{"remote: $1"}{$2}++; | |
88 | } elsif ($ThisLine =~ m/^Error detected on (SSL|socket) \((read|write)\) file descriptor: (.*) \(\d+\)/) { | |
89 | $errors{"$1 $2 file descriptor: $3"}++; | |
90 | } elsif ($ThisLine =~ m/^transfer: s_poll_wait: TIMEOUTclose exceeded: closing$/) { | |
91 | $notices{"TIMEOUTclose exceeded: closing connection"}++; | |
92 | } elsif ($ThisLine =~ m/^(SSL_(?:accept|read|shutdown): .*|getpeerbyname: .*)(?: \(\d+\))?$/) { | |
93 | $notices{$1}++; | |
103 | 94 | } else { |
104 | 95 | # Report any unmatched entries... |
105 | 96 | other($ThisLine); |
106 | 97 | } |
107 | 98 | } |
108 | 99 | |
109 | if (keys %log_connections) { | |
110 | foreach my $entry (keys %log_connections) { | |
111 | my $ip = $log_connections{$entry}{client}; | |
112 | my $service = $log_connections{$entry}{service}; | |
113 | $service = "Unknown" if not $service; | |
114 | $connections{$service}{$ip}++; | |
100 | if (keys %errors) { | |
101 | print "\nErrors:\n"; | |
102 | foreach my $e (sort keys %errors) { | |
103 | printf " %-50s %6d time(s)\n", $e, $errors{$e}; | |
104 | } | |
105 | } | |
106 | ||
107 | if (keys %notices) { | |
108 | print "\nNotices:\n"; | |
109 | foreach my $n (sort keys %notices) { | |
110 | printf " %-50s %6d time(s)\n", $n, $notices{$n}; | |
115 | 111 | } |
116 | 112 | } |
117 | 113 | |
118 | 114 | if (keys %connections) { |
119 | print "Number of connections per service per ip:\n\n"; | |
115 | print "\nconnections:\n"; | |
120 | 116 | foreach my $service (sort keys %connections) { |
121 | printf " To %s\n", $service; | |
117 | print " $service\n"; | |
122 | 118 | my $ips = $connections{$service}; |
123 | foreach my $ip (sort keys %$ips) { | |
124 | printf " %15s : %5d time(s)\n", $ip, $ips->{$ip}; | |
119 | my $i = 0; | |
120 | foreach my $ip (sort {$connections{$service}{$b} <=> $connections{$service}{$a}} keys %{$connections{$service}}) { | |
121 | if ($i >= $Top) { | |
122 | printf " %-48s\n", "... only top $Top printed ..."; | |
123 | last; | |
124 | } else { | |
125 | printf " %-48s %6d time(s)\n", $ip, $connections{$service}{$ip}; | |
126 | $i++; | |
127 | } | |
125 | 128 | } |
126 | 129 | } |
127 | 130 | } |
128 | 131 | |
129 | if (keys %connectionsAllowed) { | |
130 | print "\nNumber of connections per allowed service:\n"; | |
131 | foreach my $service (sort keys %connectionsAllowed) { | |
132 | printf " %18s : %5d time(s)\n", $service, $connectionsAllowed{$service}; | |
132 | if ($sockdata > 0) { | |
133 | if ($sockdata > 1024*1024) { | |
134 | printf "\n%-48s %10.2f MB\n", "amount of socket data transferred:", $sockdata / 1024 / 1024; | |
135 | } else { | |
136 | printf "\n%-48s %10.2f KB\n", "amount of socket data transferred:", $sockdata / 1024; | |
133 | 137 | } |
134 | 138 | } |
135 | 139 | |
136 | if ($sockdata > 0) { | |
137 | printf "\namount of socket data transferred: %.2f KB\n", $sockdata / 1024; | |
138 | } | |
139 | ||
140 | 140 | if ($ssldata > 0) { |
141 | printf "\namount of SSL data transferred: %.2f KB\n", $ssldata / 1024; | |
141 | if ($ssldata > 1024*1024) { | |
142 | printf "\n%-48s %10.2f MB\n", "amount of SSL data transferred:", $ssldata / 1024 / 1024; | |
143 | } else { | |
144 | printf "\n%-48s %10.2f KB\n", "amount of SSL data transferred:", $ssldata / 1024; | |
145 | } | |
142 | 146 | } |
143 | 147 | |
144 | 148 | if (keys %versioninfo) { |
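Review bot: The prefix strip added at the top of the read loop, `s/LOG\d\[\d{1,5}:\d{15}\]: (.*)/$1/`, is unanchored and only accepts a PID of at most five digits followed by an ID of exactly 15 digits. The example in the comment this commit removes, `LOG5[2411:3084352400]`, has a 10-digit ID and would not be stripped, so every such line would miss the `^`-anchored patterns below and land in the unmatched list while the connection, error and notice summaries stay empty. `$ThisLine =~ s/^LOG\d\[\d+:\d+\]: //;` keeps the tolerant form the old code used. Separately, `connected from (\d+\.\d+\.\d+\.\d+)` still matches IPv4 only, whereas the new `Service ... accepted connection from` patterns accept `[0-9a-fA-F.:]+`.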
0 | 0 | |
1 | 1 | ########################################################################## |
2 | # $Id: xntpd 150 2013-06-18 22:19:38Z mtremaine $ | |
3 | ########################################################################## | |
4 | # $Log: xntpd,v $ | |
5 | # Revision 1.23 2010/05/05 12:30:51 stefan | |
6 | # added: Operation not permitted, fixed: typo in Errors | |
7 | # | |
8 | # Revision 1.22 2008/06/30 23:07:51 kirk | |
9 | # fixed copyright holders for files where I know who they should be | |
10 | # | |
11 | # Revision 1.21 2008/05/14 18:22:21 mike | |
12 | # Interfaces numbers can be greater then 9 -mgt | |
13 | # | |
14 | # Revision 1.20 2008/05/13 16:04:48 mike | |
15 | # Patch from David Baldwin -mgt | |
16 | # | |
17 | # Revision 1.19 2008/05/04 15:26:08 mike | |
18 | # Patch from Fedora tree -mgt | |
19 | # | |
20 | # Revision 1.18 2008/03/24 23:31:27 kirk | |
21 | # added copyright/license notice to each script | |
22 | # | |
23 | # Revision 1.17 2007/05/24 03:59:42 kirk | |
24 | # http://bugs.gentoo.org/show_bug.cgi?id=141649 | |
25 | # | |
26 | # Revision 1.16 2007/04/16 03:11:11 bjorn | |
27 | # Modified filtering for Listening entries to accommodate interface numbers. | |
28 | # | |
29 | # Revision 1.15 2007/04/16 02:34:27 bjorn | |
30 | # Filtering Listening...Disabled statements. | |
31 | # | |
32 | # Revision 1.14 2007/02/17 19:36:11 bjorn | |
33 | # Reverting back to version 1.12 - ignore changes to 1.13. | |
34 | # | |
35 | # Revision 1.13 2007/02/17 16:28:44 bjorn | |
36 | # Deleted superfluous lines - probably from malformed diff. | |
37 | # | |
38 | # Revision 1.12 2007/02/16 03:57:50 bjorn | |
39 | # Additional filtering, by Ivana Varekova. | |
40 | # | |
41 | # Revision 1.11 2005/11/01 15:01:40 bjorn | |
42 | # Adjustment to synchronized messages in Solaris, by David Baldwin | |
43 | # | |
44 | # Revision 1.10 2005/10/19 05:45:12 bjorn | |
45 | # Filtering redundant failed message, by David Baldwin | |
46 | # | |
47 | # Revision 1.9 2005/10/19 05:35:30 bjorn | |
48 | # Code cleanup, better handling of Unmatched, and additional filtering, by | |
49 | # David Baldwin | |
50 | # | |
51 | # Revision 1.8 2005/10/02 15:00:34 bjorn | |
52 | # Corrections to last commit | |
53 | # | |
54 | # Revision 1.7 2005/10/01 18:30:12 bjorn | |
55 | # Added filtering for listening and synchronized statements, by Gilles Detillieux | |
56 | # | |
57 | # Revision 1.6 2005/09/28 17:39:04 mike | |
58 | # Patch from David Baldwin, plus a few other tweaks -mgt | |
59 | # | |
60 | # Revision 1.5 2005/07/05 22:16:23 mike | |
61 | # Small patch from Paul Chambers -mgt | |
62 | # | |
63 | # Revision 1.4 2005/05/23 17:35:55 bjorn | |
64 | # Patch for an older ntpd (4.1.1a-9), by Michael Evans | |
65 | # | |
66 | # Revision 1.3 2005/05/04 15:52:51 bjorn | |
67 | # Removed shell path to perl in first line | |
68 | # | |
69 | # Revision 1.2 2005/02/24 17:08:05 kirk | |
70 | # Applying consolidated patches from Mike Tremaine | |
71 | # | |
72 | # Revision 1.2 2005/02/16 00:43:28 mgt | |
73 | # Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt | |
74 | # | |
75 | # Revision 1.1 2005/02/13 01:25:13 mgt | |
76 | # Inital code check in from David Baldwin -mgt | |
77 | # | |
2 | # $Id: xntpd 228 2014-09-09 11:27:00Z stefjakobs $ | |
78 | 3 | ########################################################################## |
79 | 4 | |
80 | 5 | ######################################################## |
153 | 78 | ($ThisLine =~ /Listening on interface .* Disabled/) or |
154 | 79 | ($ThisLine =~ /Listen and drop on /) or |
155 | 80 | ($ThisLine =~ /Listening on routing socket on/) or |
156 | ($ThisLine =~ /ntp_io: estimated max descriptors: \d*, initial socket boundary: \d*/) or | |
157 | ($ThisLine =~ /peers refreshed$/) or | |
158 | ($ThisLine =~ /restrict: error in address/) or | |
159 | ($ThisLine =~ /syntax error in .+ line \d+, column \d+$/) | |
81 | ($ThisLine =~ /ntp_io: estimated max descriptors: \d*, initial socket boundary: \d*/) or | |
82 | ($ThisLine =~ /peers refreshed$/) or | |
83 | ($ThisLine =~ /restrict: error in address/) or | |
84 | ($ThisLine =~ /syntax error in .+ line \d+, column \d+$/) | |
160 | 85 | ) { |
161 | 86 | # Ignore these |
162 | 87 | } elsif ($ThisLine =~ m/ntpd [\d\-\.\w@]+ ... ... .. ..:..:.. /) { |