Package: logcheck
Severity: wishlist

I'm attaching a git patch with a rule suggestion for mountd, and a sample from my logs.
From 8bad954c60492445f4cda646e85287f75238a40c Mon Sep 17 00:00:00 2001 From: Pawel Hajdan jr <phajdan...@gmail.com> Date: Sun, 31 Jan 2010 19:49:25 +0100 Subject: [PATCH] Added rules for mountd.
--- rulefiles/linux/ignore.d.server/mountd | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) create mode 100644 rulefiles/linux/ignore.d.server/mountd diff --git a/rulefiles/linux/ignore.d.server/mountd b/rulefiles/linux/ignore.d.server/mountd new file mode 100644 index 0000000..9df92f7 --- /dev/null +++ b/rulefiles/linux/ignore.d.server/mountd @@ -0,0 +1 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (mount|unmount) request from [0-9.]+:[0-9]+ for [._/[:alnum:]-]+ \([._/[:alnum:]-]+\)$ -- 1.6.5.2
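Review bot: the client address in the added rule is matched with [0-9.]+, which only covers IPv4-style addresses such as the 192.168.1.x ones in the sample, so the same message from an IPv6 client would still be reported. If mountd logs IPv6 clients in the same form and they should be filtered too, widen that class to something like [0-9a-fA-F.:]+ ahead of the :[0-9]+ port. The export path class [._/[:alnum:]-]+ likewise leaves paths containing other characters unfiltered; that errs on the side of reporting and looks acceptable. The rule ignores authenticated mount and unmount requests from any address and for any export, so the commit message, which currently says only "Added rules for mountd.", should state that scope in a sentence for admins who rely on these lines to notice unexpected NFS clients.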
Jan 30 15:53:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:799 for /diskless (/diskless)
Jan 30 15:53:22 hq mountd[4771]: authenticated mount request from 192.168.1.14:1017 for /home (/home)
Jan 30 15:53:22 hq mountd[4771]: authenticated mount request from 192.168.1.14:989 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 16:59:10 hq mountd[4771]: authenticated mount request from 192.168.1.11:869 for /diskless (/diskless)
Jan 30 16:59:31 hq mountd[4771]: authenticated mount request from 192.168.1.11:883 for /home (/home)
Jan 30 16:59:31 hq mountd[4771]: authenticated mount request from 192.168.1.11:807 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:821 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:822 for /home (/home)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:823 for /diskless (/diskless)
Jan 30 17:00:06 hq mountd[4771]: authenticated unmount request from 192.168.1.14:832 for /home (/home)
Jan 30 17:00:49 hq mountd[4771]: authenticated mount request from 192.168.1.14:813 for /diskless (/diskless)
Jan 30 17:01:04 hq mountd[4771]: authenticated mount request from 192.168.1.14:986 for /home (/home)
Jan 30 17:01:04 hq mountd[4771]: authenticated mount request from 192.168.1.14:955 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:950 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:951 for /home (/home)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:952 for /diskless (/diskless)
Jan 30 17:02:25 hq mountd[4771]: authenticated unmount request from 192.168.1.11:961 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:25 hq mountd[4771]: authenticated unmount request from 192.168.1.11:962 for /home (/home)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:930 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:931 for /home (/home)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:932 for /diskless (/diskless)
Jan 30 18:44:56 hq mountd[4771]: authenticated unmount request from 192.168.1.14:941 for /home (/home)
Jan 30 18:45:38 hq mountd[4771]: authenticated mount request from 192.168.1.14:929 for /diskless (/diskless)
Jan 30 18:45:52 hq mountd[4771]: authenticated mount request from 192.168.1.14:1018 for /home (/home)
Jan 30 18:45:52 hq mountd[4771]: authenticated mount request from 192.168.1.14:926 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:910 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:911 for /home (/home)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:912 for /diskless (/diskless)
Jan 30 19:18:31 hq mountd[4771]: authenticated unmount request from 192.168.1.14:921 for /home (/home)
Jan 31 11:42:50 hq mountd[4771]: authenticated mount request from 192.168.1.14:717 for /diskless (/diskless)
Jan 31 11:43:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:787 for /home (/home)
Jan 31 11:43:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:719 for /diskless-var-tmp (/diskless-var-tmp)