> #dkimproxy
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dkimproxy.out\[[0-9]+\]: connect from .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dkimproxy.out\[[0-9]+\]: DKIM signing -
> signed; .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dkimproxy.out\[[0-9]+\]: DKIM signing -
> skipped; .*$
No rules at all.
Jul 7 12:39:21 hosting dkimproxy.out[1508]: DKIM signing - skipped;
message-id=<cb42d0dfb3a2eb598e162cfe3b6ea...@www.xyz.com>,
from=<em...@dot.com>
Jul 7 12:39:21 hosting dkimproxy.out[1508]: DKIM signing - signed;
message-id=<cb42d0dfb3a2eb598e162cfe3b6ea...@www.xyz.com>,
from=<em...@dot.com>
Jul 7 12:39:21 hosting dkimproxy.out[1508]: connect from 127.0.0.1
> #postfix
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: discarding EHLO
> keywords: 8BITMIME STARTTLS$
In 1.3.10, sorry.
> #ssh
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error writing
> /proc/self/oom_adj: Operation not permitted$
Not there.
> #ntp
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync status
> change 4001
No config at all
> #cron-apt
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cron-apt: After this operation, [:alnum:]+
> disk space will be freed.$
In 1.3.10, sorry.
> #syslog-ng
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslog-ng\[[0-9]+\]: Log statistics;.*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslog-ng\[[0-9]+\]: Configuration reload
> request received, reloading configuration;$
syslog-ng[31823]: Log statistics; processed='destination(d_error)=3',
processed='destination(d_messages)=298',
processed='src.internal(s_src#1)=90',
stamp='src.internal(s_src#1)=1278499023',
processed='destination(d_syslog)=90', processed='center(received)=0',
processed='destination(d_xconsole)=3',
processed='destination(d_newscrit)=0',
processed='destination(d_auth)=1452',
processed='destination(d_daemon)=1',
processed='global(payload_reallocs)=0',
processed='global(msg_clones)=0', processed='destination(d_mail)=64',
processed='destination(d_cron)=711',
processed='destination(d_kern)=132',
processed='destination(d_uucp)=0', processed='destination(d_debug)=4',
processed='destination(d_lpr)=0', processed='destination(d_user)=76',
processed='center(queued)=0', processed='global(sdata_updates)=0',
processed='destination(d_newsnotice)=0',
processed='destination(d_console_all)=3',
processed='destination(d_console)=1', processed='source(s_src)=2530',
processed='destination(d_newserr)=0'
> #shorewall
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:.*$
Shorewall can log to an outside file. Logging to syslog is causing
every packet drop to be in logcheck.
Example:
Jul 7 12:40:04 dev kernel: Shorewall:net2fw:DROP:IN=venet0 OUT=
PHYSIN=eth0 MAC= SRC=X.Y.Z.A DST=A.B.C.D LEN=404 TOS=0x00 PREC=0x00
TTL=32 ID=54796 PROTO=UDP SPT=2368 DPT=1434 LEN=384
> #libpam-cracklib
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cracklib: no dictionary update necessary.$
Not there.
> #modprobe?
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ modprobe: WARNING: Not loading blacklisted
> module ipv6.$
Should be in fact:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ modprobe: WARNING: Not loading
blacklisted module [:alnum:]+$
> #bind
> #success resolving 'www.mac.com/AAAA' (in 'mac.com'?) after reducing the
> advertised EDNS UDP packet size to 512 octets
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: success resolving.*$
In 1.3.10, sorry.
> #rsyncd
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: file has vanished: .*$
>
Not there.
> #netatalk
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: server_child[[:xdigit:]+]
> [:xdigit:]+ exited 1$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam.c :PAM: PAM
> Success$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam.c :PAM: PAM
> Auth OK!$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: login [:alpha:]+ (uid
> [:xdigit:]+, gid [:xdigit:]+) AFP3.1$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dhx login: [:alpha:]+$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: ipc_read: command: .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: Setting clientid .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: pc_get_session: .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: bad function .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: ASIP session:.*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_alarm: child timed out$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [:alpha:]+ read,
> [:alpha:]+ written$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: Connection terminated$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: server_child[[:xdigit:]+]
> [:xdigit:]+ exited 1$
No rules at all.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
