|
@@ -0,0 +1,432 @@
|
|
|
+### journald - simple but effective journald monitoring
|
|
|
+###### 2015- by Volker Tanger <volker.tanger@wyae.de>
|
|
|
+###### http://www.wyae.de/software/journalogs/
|
|
|
+###### ignore_pattern v23.1.13
|
|
|
+#####
|
|
|
+~~~~basis~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ \(sd-pam\)\[[0-9]+\]: pam_unix\(systemd-user:session\): session closed for user
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ anacron\[[0-9]+\]: Anacron [0-9.]+ started on [0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ apcupsd\[[0-9]+\]: UPS Self Test switch to battery.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ apcupsd\[[0-9]+\]: UPS Self Test completed: Battery OK
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Create a snapshot of
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Delete subvolume \(no-commit\):
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Transaction commit:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crond\[[0-9]+\]: \(\*system\*\) RELOAD (/etc/cron.d/0HourlyDailyWeeklyMonthly)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crond\[[0-9]+\]: pam_unix\(crond:session\): session opened for user [a-z0-9]+ by \(uid=0\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crontab\[[0-9]+\]: \(root\) LIST \(nobody\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: DHCPREQUEST (of|for) [0-9.]+ on [a-z0-9]+ to [0-9.]+ port 67
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: bound to [0-9.]+ -- renewal in [0-9]+ seconds
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: DHCPACK of [0-9.]+ from [0-9.]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ fstrim\[[0-9]+\]: [a-z0-9_/-]+: [0-9,.]+ ([MkG]i)?B \([0-9]+ Bytes\) auf [/a-z0-9-]+ getrimmt
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Error: Method parse/execution failed \[\\_SB.PMI0._PMM\] \(Node
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Error: SMBus/IPMI/GenericSerialBus write requires Buffer of length [0-9]+, found length [0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS: device label
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS info \(device [a-z0-9-]+\): disk space caching is enabled
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS( info \(device [a-z0-9-]+\))?: has skinny extents
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: CE: hpet increased min_delta_ns to [0-9]+ nsec
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: hrtimer: interrupt took [0-9]+ ns
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: sd [0-9:]+ \[sd[a-z]\] Very big device. Trying to use READ CAPACITY
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: sd [0-9:]+ timing out command, waited [0-9]+s
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ libvirtd\[[0-9]+\]: Operation ist nicht untersttzt: summary statistics are not supported yet
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (man subdirector(y|ies) contained newer manual pages|Handbuchverzeichnisse enthielten neuere Handbuchseiten).
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (manual pages were added|Handbuchseiten wurden hinzugef.gt).
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (old database entries were purged|alte Datenbankeintr.ge wurden entfernt).
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (stray cats were added|herrenlose .?cat.?-Dateien wurden hinzugef.gt).
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Processing manual pages under|Handbuchseiten unter) /usr/(share|local)/man
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (old database entry was purged|alter Datenbankeintrag wurde entfernt)\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Purging old database entries|Alte Datenbankeintr.ge) in /usr/(share|local)/man
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Updating index cache for path |Indexcache des Pfades )
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Checking for stray cats under|Handbuchseiten ohne .cat.-Dateien in [/a-zA-Z0-9._-]+ werden gesucht)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (warning|Warnung): [/a-z0-9._-]+: (whatis parse for [a-z0-9._()-]+ failed|whatis-Verarbeitung f.r [/a-z0-9._()-]+ fehlgeschlagen)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (can't open [/a-z0-9._-]+: No such file or directory|[/a-z0-9._-]+ kann nicht ge.ffnet werden: Datei oder Verzeichnis nicht gefunden)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (warning|Warnung): [/a-z0-9._-]+: (bad symlink or ROFF .\.so' request|ung.ltige symbolische Verkn.pfung oder .roff.-.\.so.-Anfrage)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: Warnung: [/a-zA-Z0-9._-]+: fehlerhafter Dateiname wird ignoriert
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: scanner\.c:[0-9]+: info: Scanning
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: upnphttp\.c:[0-9]+: info: Serving DetailID: [0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (done|fertig)\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] (\.\./)+source3/nmbd/nmbd_namequery\.c:[0-9]+\(query_name_response\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] (\.\./)+source3/nmbd/nmbd_browsesync.c:[0-9]+\(find_domain_master_name_query_fail\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ run-parts\[[0-9]+\]: \(/etc/cron.(hourly|daily)\) (starting|finished) (journalogs|dailogs|backup|mcelog.cron|mosshe_hourly|ntpdate|rechtesetzen|man-db.con|logrotate)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ runuser\[[0-9]+\]: pam_unix\(runuser:session\): session (opened|closed) for user
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ (rsyslog|rsyslogd|liblogging-stdlog)\[[0-9]+\]: +\[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https?:\/\/www.rsyslog.com"\] (start|rsyslogd was HUPed|exiting on signal)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smartd\[[0-9]+\]: Device: /dev/[a-z]+ \[[A-Z]+\], SMART (Usage|Prefailure) Attribute:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smartd\[[0-9]+\]: Device: /dev/[a-z]+ \[[A-Z]+\], CHECK POWER STATUS spins up disk
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] \.\./source3/lib/sysquotas\.c:[0-9]+\(sys_get_quota\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +sys_path_to_bdev\(\) failed for path \[
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Accepted publickey for [a-z0-9]+ from [0-9a-f:.]+ port [0-9]+ ssh2:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Bad protocol version identification
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: banner exchange: Connection from [0-9a-f:.]+ port [0-9]+: could not read protocol version
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: banner exchange: Connection from [0-9a-f:.]+ port [0-9]+: invalid format
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Connection closed by (invalid user [A-Za-u0-9_.-]* )?[0-9.a-f:]+ port [0-9]+ \[preauth\]
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Connection (closed|reset) by [0-9.a-f:]+ port [0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Did not receive identification string from
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Disconnected from (invalid )?(user [a-z0-9-]+ )?[0-9.a-f:]+( port [0-9]+)?
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Disconnecting invalid user [a-z0-9-]+ [0-9.]+ port [0-9]+: Change of username or service not allowed:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: banner line contains invalid characters
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: client sent invalid protocol identifier
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: (read: )?Connection reset by peer
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: fatal: Timeout before authentication for
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Invalid user [^ ]+ from [0-9A-F.:]+ port [0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: pam_unix\(sshd:session\): session (opened|closed) for user
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Received disconnect from [0-9:a-f.]+( port)? [0-9:]+: disconnected by user
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Received disconnect from [0-9:a-f.]+( port)? [0-9:]+: Normal Shutdown, Thank you for playing
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Protocol major versions differ
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: userauth_pubkey: key type [a-z-]* not in PubkeyAcceptedKeyTypes
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Unable to negotiate with [0-9.a-f:]+ port [0-9]+: no matching key exchange method found. Their offer:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Unable to negotiate with [0-9.a-f:]+ port [0-9]+: no matching host key type found. Their offer:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: ssh:connection from [A-Za-z0-9.:-]+ to [A-Za-z0-9.:-]+ forwarded from [A-Za-z0-9.:-]+ to [A-Za-z0-9.:-]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: forward to ssh failed:connect: Connection timed out
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: connect: Connection timed out
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: getpeername:[0-9]+:Transport endpoint is not connected
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: pam_unix\(su:session\): session (open|clos)ed for user [a-z0-9._-]+( by \(uid=0\))?
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: \(to [a-z0-9_.-]+\) root on none
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: \+ \?\?\? [a-z0-9]+:[a-z0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ CROND?\[[0-9]+\]: \([a-z._0-9]+\) CMD \(
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ CROND?\[[0-9]+\]: pam_unix\(crond?:session\): session (opened|closed) for user
|
|
|
+~~~~systemd+dbus+auditd~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ \(systemd\)\[[0-9]+\]: pam_unix\(systemd-user:session\): session opened for user
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: pam_unix\(systemd-user:session\): session opened for user
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user-runtime-dir@[0-9]+.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Created slice user-[0-9]+.slice - User Slice of UID [0-9]+.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started session-[0-9]+.scope - Session [0-9]+ of User
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-user-[0-9]+.mount: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Removed slice user-[0-9]+.slice - User Slice of UID [0-9]+.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Stopping|Stopped|Created|Finished) user\@[0-9]+.service - User Manager for UID [0-9]+.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Removed slice user-[0-9]+.slice - User Slice of UID [0-9]+.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started session-[0-9]+.scope - Session [0-9]+ of User
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: session-[0-9]+.scope: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Finished|Stopped|Stopping) user-runtime-dir\@[0-9]+.service - User Runtime Directory /run/user/[0-9]+.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user-runtime-dir@[0-9]+.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-user-[0-9]+.mount: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Activating special unit exit.target...
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished systemd-exit.service - Exit the Session.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: [a-z0-9-]+.service: Succeeded\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Run anacron jobs
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: anacron.timer: Adding ([0-9]+h )?([0-9]+min )?[0-9.]+m?s random time
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily(-upgrade)?.timer: Adding ([0-9]+h )?([0-9]+min )?[0-9.]+m?s random time
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily.service: Consumed [0-9.]+s CPU time.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Created|Removed) slice (user-[0-9]+.slice )?User Slice of
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Finished|Stopping|Stopped) user-runtime-dir@[0-9]+.service - User Runtime Directory /run/user/[0-9]+.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting user@[0-9]+.service - User Manager for UID [0-9]+...
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Closed|Starting) D-Bus User Message Bus Socket\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dbus.socket: Succeeded.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Failed at step CGROUP spawning /usr/lib/systemd/systemd: No such file or directory
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Cleanup of Temporary Directories.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Clean php session files.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) phpsessionclean.service - Clean php session files.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: phpsessionclean.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Daily apt (download|upgrade and clean) activities.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Daily man-db regeneration.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) man-db.service - Daily man-db regeneration.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: man-db.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Exit the Session.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished e2scrub_all.service - Online ext4 Metadata Check for All Filesystems.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Rotate log files.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished User Runtime Directory /run/user/
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: gpg-agent(-extra|-browser|-ssh)?.socket: Succeeded.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Exit the Session.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session-[0-9]+.scope|dirmngr.socket|run-user-[0-9]+.mount): Succeeded.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Listening on D-Bus User Message Bus Socket\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Closed|Listening on) GnuPG cryptographic agent (and passphrase cache|\(ssh-agent emulation\)|\(access for web browsers\))
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: pam_unix\(systemd-user:session\): session (opened|closed) for user
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Queued start job for [a-z]+ target
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Reached|Stopped) target
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Received SIGRTMIN\+24 from PID [0-9]+ \(kill\).
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Reloading\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started dnf makecache\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started /usr/sbin/pacman -Su --noprogressbar --noconfirm\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ed|ing) Network Service\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting) Daily apt upgrade and clean activities\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) apt-daily.service - Daily apt download activities.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) apt-daily-upgrade.service - Daily apt upgrade and clean activities
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily-upgrade.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting) Session [0-9a-f]+ of user [a-z0-9_.-]+.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session|user)-[a-f0-9]+.(slice|scope): Succeeded.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session|user)-[a-f0-9]+.(slice|scope): Consumed [0-9.]+s CPU time.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting|Stopped|Stopping) User Manager for UID [0-9]+.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting|Stopped|Stopping) User Runtime Directory
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Created|Removed|Stopping) (slice )?user-[0-9]+.slice\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Session [0-9a-f]+ of user root\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting dnf makecache\.\.\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting Exit the Session\.\.\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Stopping) (Basic System|Default|Paths|Sockets|Timers|Shutdown).
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Clean php session files.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Cleanup of Temporary Directories\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) Discard unused blocks on filesystems from /etc/fstab
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Lightning Fast Webserver With Light System Requirements\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Rotate log files\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Verify integrity of password and group files\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Update man-db cache\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Daily man-db regeneration\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Stopping) User Manager for UID 0\.\.\.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) Online ext4 Metadata Check for All Filesystems
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) e2scrub_all.service - Online ext4 Metadata Check for All Filesystems...
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: e2scrub_all.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: e2scrub_all.service: Succeeded
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) dpkg-db-backup.service - Daily dpkg database backup service.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dpkg-db-backup.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) logrotate.service - Rotate log files.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: logrotate.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) systemd-tmpfiles-clean.service - Cleanup of Temporary Directories.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: systemd-tmpfiles-clean.service: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Start|Reload)(ing|ed) Lighttpd Web Server.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Startup finished in [0-9]+ms.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Daily apt download activities.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Stopping|Stopped) [A-Za-z]+ Daemon
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Killing process [0-9]+ \(kill\) with signal SIGKILL
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Listening on|Closed) GnuPG network certificate management daemon.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Listening on|Closed) GnuPG cryptographic agent
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Start|Stopp)(ed|ing) Network Name Resolution.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user(-runtime-dir)?@[0-9]+.(service|mount): Succeeded.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd-tmpfiles-clean.service.mount: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd[^.]+.service.mount: Deactivated successfully.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started) systemd-timedated.service - Time & Date Service.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dbus-daemon[519]: [system] Successfully activated service 'org.freedesktop.timedate1'
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Existing logind session ID [0-9]+ used by new audit session, ignoring.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: New session [0-9a-f]+ of user
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Removed session
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Session [a-f0-9]+ logged out. Waiting for processes to exit.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-journald\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-journald\[[0-9]+\]: Retention time reached, rotating.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Starting DHCPv6 client on NDisc request failed: Invalid argument
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: Enumeration completed
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Configured
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Could not drop address: No such process
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Gained IPv6LL
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Positive Trust Anchors:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: . IN DS [0-9]+ [0-9]+ [0-9]+ [0-9a-f]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Using system hostname
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: request_name_destroy_callback n_ref=1
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timedated\[[0-9]+\]: Set NTP to enabled \(systemd-timesyncd.service\).
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Synchronized to time server
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Timed out waiting for reply from
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Network configuration changed, trying to establish connection.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: interval/delta/delay/jitter/drift [0-9]+s/[+-][0-9.]+s/[0-9.]+s/[0-9.]+s/[+-][0-9.]+ppm
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dbus-daemon\[[0-9]+\]: \[system\] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service' requested by
|
|
|
+~~~~redhat/fedora~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ audit\[[0-9]+\]: SERVICE_(START|STOP) pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ ses=[0-9]+ msg='unit=(logrotate|man-db|shadow|systemd-tmpfiles-clean|systemd-resolved) comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ audit\[[0-9]+\]: <audit-*
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ audit: <audit-[0-9]+>
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: <audit-[0-9]+>
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: audit:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: cachedir: /var/cache/dnf/x86
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: DNF version:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Loaded plugins: migrate
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Metadaten-Zwischenspeicher wurde
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Zwischenspeicherungsdateien f.r alle Metadaten-Dateien werden erstellt
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: fedora: (metadata )?will expire after [0-9]+ seconds
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: not found (delta|update)info for: Fedora
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: repo: using cache for: fedora
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: updates: metadata will expire after [0-9]+ seconds and will be refreshed now
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: reviving: failed for 'updates', mismatched sha256 sum.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: reviving: '(updates|fedora)' can be revived.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: cachedir: /var/cache/dnf
|
|
|
+~~~~mail-dovecot~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: auth: Warning: Event 0x[0-9a-f]* leaked \(parent=\(nil\)\): auth-client-connection.c
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: auth: Warning: auth client [0-9]* disconnected with [0-9]* pending requests: (Connection reset by peer|EOF)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: auth: Error: auth client [0-9]+ disconnected with [0-9]+ pending requests: EOF
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: Error: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: stat\([/a-z0-9]+.dovecot.sieve/tmp\) failed: Not a directory
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Error: stat\([/a-z0-9]+.dovecot.sieve/tmp\) failed: Not a directory
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: (Disconnected: )?Connection closed
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected: Inactivity - no input for
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected for inactivity
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected: Too many invalid commands \(no auth attempts in [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: (Disconnected: )?Logged out in=[0-9]+ out=[0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(auth failed
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(no auth attempts in [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(auth failed,
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Aborted login by logging out
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected(: Connection closed)? \(no auth attempts in [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: read\(size=[0-9]+\) failed: Connection reset by peer \(no auth attempts in [0-9]+ secs\):
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected \(auth failed,
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected \(client didn't finish SASL auth, waited [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Inactivity \(no (auth attempts in|input for) [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Inactivity \(client didn't finish SASL auth, waited [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Too many invalid commands \(no auth attempts in [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Error: SSL: Stacked error: error:[0-9A-F]+:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: SSL_accept\(\) failed: error:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: SSL_read failed: error:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Connect from local
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: (Successful quit|Connection closed \(in DATA finished\))
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Client has quit the connection \(state ?= ?READY\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Remote closed connection
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: (Logged out )?\(state=READY\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Connection closed \(state=READY\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: [A-F0-9]+: to=<[^>]*>, relay=[a-z0-9_.-]+\[private/dovecot-lmtp\], delay=[0-9.]+, delays==[0-9.]+/=[0-9.]+/=[0-9.]+/=[0-9.]+, dsn==[0-9.]+, status=bounced \(host [a-z0-9_.-]+\[private/dovecot-lmtp\] said: 550 5.1.1 <[^>]*> User doesn't exist: [a-zA-Z@0-9_.-]+ \(in reply to RCPT TO command\)\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=<[^:]+: (fileinto action: )?stored mail into mailbox
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=unspecified: fileinto action: stored mail into mailbox
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=[^:]+: stored mail into mailbox '
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=[^:]+: marked message to be discarded if not explicitly delivered \(discard action\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: msgid=[^:]+: saved mail to INBOX
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Warning: [^:]+: sieve: file storage: Active sieve script symlink [^ ]+ points to non-existent script \(points to
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3\([-a-z0-9]+\): Disconnected: Logged out top=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Disconnected \(no auth attempts in [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Disconnected \(client didn't finish SASL auth, waited [0-9]+ secs\): user=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Error: SSL: Stacked error: error:[0-9A-F]+:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3\([a-z0-9._]+\): Connection closed top=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: managesieve\([-a-z0-9]+\)<[0-9]+><[^>]+>: Disconnected: Logged out bytes=[0-9/]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: managesieve-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip=[a-f0-9.:]+, lip=[a-f0-9.:]+, mpid=[0-9]+, TLS, session=
|
|
|
+~~~~mail-postfix~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max cache size [0-9]+ at
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max (connection|auth|newtls|message) count [0-9]+ for
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max (connection|auth|newtls|message) rate [0-9]+/60s for
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/bounce\[[0-9]+\]: [0-9A-F]+: sender non-delivery notification: [0-9A-F]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/cleanup\[[0-9]+\]: [0-9A-F]+: (resent-)?message-id=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/cleanup\[[0-9]+\]: [0-9A-F]+: reject: header
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/local\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=local, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \((delivered to command:|forwarded as [0-9A-F]+)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-z0-9.-]+\[private/dovecot-lmtp\], delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250 [0-9.]+ <[^>]*> [^ ]+ Saved\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-z0-9.-]+\[private/dovecot-lmtp\], conn_use=[0-9]+, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250 [0-9.]+ <[^>]*> [^ ]+ Saved\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: Warning: [^:]+: sieve: file storage: Active sieve script symlink [^ ]+ points to non-existent script \(points to
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/master\[[0-9]+\]: /etc/postfix/master.cf: line [0-9]+: using backwards-compatible default setting chroot=y
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/pickup\[[0-9]+\]: [0-9A-F]+: uid=[0-9]+ from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/postsuper\[[0-9]+\]+: [0-9A-F]+: removed
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/postsuper\[[0-9]+\]+: Deleted: [0-9]+ message
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: from=<[^>]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: removed
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: enabling PIX workarounds: delay_dotcrlf for [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: domain lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: max simultaneous domains=[0-9]+ addresses=[0-9]+ connection=[0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: start interval
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: Cannot start TLS: handshake failure
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] refused to talk to me: 421 [a-z0-9.-]+ Service unavailable - try again later
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[A-Za-z0-9.-]+\[[0-9a-f.:]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[A-Za-z0-9.-]+\[[0-9a-f.:]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(Cannot start TLS: handshake failure\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=none, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection timed out\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to (end of DATA|RCPT TO) command\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: enabling PIX workarounds: delay_dotcrlf for [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to end of DATA command\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: Host offered STARTTLS:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: (Untrusted|Trusted|Verified) TLS connection established to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: TLSv
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.0.0, status=deferred \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 451 (Temporary failure, p|4.3.2 P)lease try again later. \(in reply to (RCPT TO|DATA) command\)\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.2.1, status=deferred \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to (end of DATA|RCPT TO) command\)\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.4.1, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] No route to host\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection refused\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, relay=none, delay=[0-9.]+, delays=[0-9./]+, dsn=4.4.1, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection refused\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays==?[0-9./]+, dsn=5.7.1, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550-5.7.1 [[0-9a-f:. ]+ Our system has detected that this 550-5.7.1 message is likely unsolicited mail. To reduce the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.7.1, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550[-]5.1.1 Invalid recipient address \(no such address at this site\) \(in reply to RCPT TO command\)\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550 No Such User Here \(in reply to RCPT TO command\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550 Requested action not taken: mailbox unavailable \(in reply to RCPT TO command\)\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 554 delivery error: [a-z ]*This user doesn't have a yahoo.com account \([a-z0-9@._-]+\) \[-[0-9]+\] - \([a-z0-9._-]+ \(in reply to end of DATA command\)\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: (dis)?connect (from|to) [a-zA-Z0-9._-]+\[(unknown|[0-9a-f:.]+)\]
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: using backwards-compatible default setting smtp
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: SSL_connect error to [a-zA-Z0-9._-]+\[[0-9a-fA-F:.]+\]
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: SSL_accept error from [a-zA-Z0-9._-]+\[[0-9a-fA-F:.]+\]
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: TLS library problem: error:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: hostname [0-9a-zA-Z._-]* does not resolve to address [0-9a-fA-F:.]*
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: numeric domain name in resource data of MX record for
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: Anonymous TLS connection established (from|to) [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:(25:)? TLSv1
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: (improper command pipelining|lost connection|timeout) after [A-Z]* (\([0-9]+ bytes\) )?from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: client=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\], sasl_method=(LOGIN|PLAIN), sasl_username=[a-z0-9-]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: client=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]$
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: reject: RCPT from unknown\[[0-9a-f:.]+\]: 550 5.1.1 <[a-z0-9.@-]+>: Recipient address rejected: User unknown in (virtual mailbox|local recipient) table; from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: lost connection after CONNECT from
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 554 5.7.1 <[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]>: Client host rejected: Access denied; proto=SMTP
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from unknown\[[0-9.:A-F]+\]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, \[[0-9.:a-f]+\]; proto=SMTP
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from unknown\[[0-9.:A-F]+\]: 450 4.7.25 Client host rejected: cannot find your hostname, \[[0-9.:a-f]+\]; proto=SMTP
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.1.8 <[^>]*>: Sender address rejected: Domain not found; from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.1.8 <[^>]*>: Sender address rejected: Malformed DNS server reply; from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.2.0 <[^>]*>: Sender address rejected: Greylisted for [0-9]+ seconds; from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: [45]54 [45].7.1 <[^>]*>: Relay access denied;
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 50[0-9]+ 5.5.2 <[^>]*>: Helo command rejected: (need fully-qualified hostname|Invalid name); from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 554 5.7.1 Service unavailable; Client host +\[[0-9a-f:.]+\] blocked using
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 550 5.1.1 <[^>]*>: Recipient address rejected: User unknown in virtual mailbox table; from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 504 5.5.2 <[^>]*>: Sender address rejected: need fully-qualified address; from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 550 5.7.27 <[^>]*>: Sender address rejected: Domain [a-zA-Z0-9._-]+ does not accept mail \(nullMX\); from=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: MAIL from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.7.[0-9]+ Client host rejected: cannot find your( reverse)? hostname,
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from unknown\[unknown\]: Connection reset by peer
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: timeout after [A-Z-]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: too many errors after (AUTH|DATA|RCPT|MAIL|BDAT) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Connection concurrency limit exceeded: [0-9]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] for service smtp
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Connection rate limit exceeded: [0-9]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] for service smtp
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: hostname [a-zA-Z0-9._-]+ does not resolve to address [0-9a-f:.]+ Name or service not known
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] in MAIL command:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: malformed domain name in resource data of MX record for
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: misplaced delimiter:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: numeric hostname:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: non-SMTP command from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: New TLS session rate limit exceeded
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Refusing TLS service request from
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: SASL (PLAIN|LOGIN) authentication failed:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: TLS library problem: error:[0-9A-F]+:SSL routines:(SSL23_GET_CLIENT_HELLO:unknown protocol|ssl3_read_bytes:sslv3 alert bad certificate):
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: numeric hostname:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: invalid character
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: action=(greylist|pass), reason=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: cleaning up old (logs|entries)...
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: cleaning (main|clients) database finished. before: [0-9]+, after: [0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: whitelisted:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: [0-9A-F]+: action=pass, reason=triplet found, client_name=
|
|
|
+ Greylisted
|
|
|
+ Greylisting
|
|
|
+said: 550 spam message rejected by [a-z0-9_.-]+ \(in reply to end of DATA command\)
|
|
|
+Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 https://support.google.com/mail/answer/81126 to review our Bulk Email 421 4.7.0 Senders Guidelines.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Pass \((mailfrom|helo)\) identity=(mailfrom|helo); client-ip=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Softfail \(domain owner discourages use of this host\) identity=(mailfrom|helo); client-ip=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: None \((no SPF record|mailfrom)\) identity=(mailfrom|helo); client-ip=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Permerror \(SPF Permanent Error: Two or more type TXT spf records found.\) identity=(mailfrom|helo); client-ip=
|
|
|
+~~~~roundcube~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ roundcube\[[0-9]+\]: <[a-z0-9]+> IMAP Error: Login failed for [a-z0-5.-]+ from [0-9a-f.:]+ AUTHENTICATE [A-Z]+: Authentication failed.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ roundcube\[[0-9]+\]: <[a-z0-9]+> DB Error: \[1\] no such column: failed_login \(SQL Query: UPDATE "users" SET "failed_login" =
|
|
|
+~~~~dns~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPACK\([0-9a-z]+\) [0-9.]+ [0-9a-f:]+ [A-Za-z0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCP(ACK|DISCOVER|INFORM|OFFER|RELEASE|REQUEST)\([0-9a-z]+\) [0-9.]+ [0-9a-f:]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPDISCOVER\([0-9a-z]+\) [0-9a-f:]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: Ignoring domain [A-Za-z0-9_.-]+ for DHCP host name [A-Za-z0-9_-]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPNAK\([a-z0-9]+\) [0-9.]+ [0-9a-f:]+ wrong address
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: axfr for [a-z.-]*\. from [a-f0-9:.]*
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: \[[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]*\] nsd\[[0-9]*\]: info: axfr for [a-z.-]*\. from [a-f0-9:.]*
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: error: )?failed reading from [0-9a-f.:]+ tcp: Connection reset by peer
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: error: )?sendto [0-9a-f:.]+ failed: Network is unreachable
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: info: )?ratelimit (un)?block +type error target
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: packet too small, dropping tcp connection
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: \[[0-9 :.-]*\] nsd\[[0-9]*\]: warning: packet too small, dropping tcp connection
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?query from client: address is:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?(from|to) server \(local\): address is: (0.0.0.0|::), port is: 53
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?response to client: address is:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ unbound\[[0-9]+\]: \[[0-9:]*\] info: generate keytag query
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ unbound\[[0-9]+\]: \[[0-9:]*\] error: SSL_handshake syscall: Connection reset by peer
|
|
|
+~~~~salt~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: KeyError: 'retcode'
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: Traceback \(most recent call last\):
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: \[INFO \]
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-master\[[0-9]+\]: \[INFO \]
|
|
|
+~~~~web~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: [0-9a-f:.]+ - - "GET /
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: fdwatch - [0-9]+ polls
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: libhttpd - [0-9]+ strings allocated, [0-9]+ bytes
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: map cache - [0-9]+ allocated, [0-9]+ active
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: timers - [0-9]+ allocated, [0-9]+ active, [0-9]+ free
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: thttpd - [0-9]+ connections
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: up [0-9]+ seconds, stats for [0-9]+0 seconds:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ open\(\) "[^ ]+ failed \(2: No such file or directory\), client:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ "[^"]+" is not found \(2: No such file or directory\), client:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ upstream timed out \(110: Connection timed out\) while reading response header from upstream, client:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ xinetd\[[0-9]+\]: warning: can't get client address: Connection reset by peer
|
|
|
+~~~~file~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: upnphttp.c:[0-9]+: info: Serving DetailID: [0-9]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ umurmurd\[[0-9]+\]: INFO:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ umurmurd\[[0-9]+\]: WARN: SSL handshake failed:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../source3/nmbd/nmbd_(browsesync|namequery).c:[0-9]+\(name_query_response\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../source3/nmbd/nmbd_browsesync.c:[0-9]+\(find_domain_master_name_query_fail\)
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +This response was from IP [0-9a-f.:]+, reporting an IP address of [0-9a-f.:]+
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +query_name_response: Multiple \([0-9]+\) responses received for a query on subnet [0-9a-f.:]+ for name
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +find_domain_master_name_query_fail:
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Unable to find the Domain Master Browser name
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Unable to sync browse lists in this workgroup.
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ rsyncd\[[0-9]+\]: connect from
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ rsyncd\[[0-9]+\]: rsync allowed access on module
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: Creating SSL connection to host
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: Sent mail for [0-9a-z@_.-]+ \(221 2.0.0 Bye\) uid=[0-9]+ username=
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: SSL connection using
|
|
|
+^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: EXT4-fs \([shv]sd[a-z][0-9]*\): mounted filesystem with ordered data mode. Opts:
|
|
|
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
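Review bot: The seven thttpd patterns in the web section leave the PID brackets unescaped (`thttpd[[0-9]+]:`), unlike every other entry in the file, which writes `\[[0-9]+\]`. As written, `[[0-9]` parses as a bracket expression containing `[` and the digits, followed by `+` and a literal `]`, so these lines match `thttpd[1234]:` only by accident; please change them to `thttpd\[[0-9]+\]:`. The nginx "upstream timed out" pattern has `[0-9/]+ [0-9/]+ [0-9:]+` where the two nginx patterns above it have `[0-9/]+ [0-9:]+`; the extra date field looks like a typo and would keep the entry from matching the timestamp layout the other two expect. Several entries are also very broad for an ignore list in a monitoring tool: `rsyncd\[[0-9]+\]: connect from` and `rsync allowed access on module` suppress every rsync connection whatever its source, and `salt-minion\[[0-9]+\]: Traceback` suppresses every minion traceback. Consider narrowing these to the expected peers or messages, or add a comment saying why they are safe to drop.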