### journald - simple but effective journald monitoring ###### 2015- by Volker Tanger ###### http://www.wyae.de/software/journalogs/ ###### ignore_pattern v24.2.154 ###### ~~~~basis~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ \(sd-pam\)\[[0-9]+\]: pam_unix\(systemd-user:session\): session closed for user ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ anacron\[[0-9]+\]: Anacron [0-9.]+ started on [0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ apcupsd\[[0-9]+\]: UPS Self Test switch to battery. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ apcupsd\[[0-9]+\]: UPS Self Test completed: Battery OK ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Create a snapshot of ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Delete subvolume \(no-commit\): ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Transaction commit: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crond\[[0-9]+\]: \(\*system\*\) RELOAD (/etc/cron.d/0HourlyDailyWeeklyMonthly) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crond\[[0-9]+\]: pam_unix\(crond:session\): session opened for user [a-z0-9]+ by \(uid=0\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crontab\[[0-9]+\]: \(root\) LIST \(nobody\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: DHCPREQUEST (of|for) [0-9.]+ on [a-z0-9]+ to [0-9.]+ port 67 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: bound to [0-9.]+ -- renewal in [0-9]+ seconds ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: DHCPACK of [0-9.]+ from [0-9.]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ fstrim\[[0-9]+\]: [a-z0-9_/-]+: [0-9,.]+ ([MkG]i)?B \([0-9]+ Bytes\) auf [/a-z0-9-]+ getrimmt ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Error: Method parse/execution failed \[\\_SB.PMI0._PMM\] \(Node ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Error: SMBus/IPMI/GenericSerialBus write requires Buffer of length [0-9]+, found length [0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS: device label ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS info \(device [a-z0-9-]+\): disk space caching is enabled ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS( info \(device [a-z0-9-]+\))?: has skinny extents ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: CE: hpet increased min_delta_ns to [0-9]+ nsec ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: hrtimer: interrupt took [0-9]+ ns ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: sd [0-9:]+ \[sd[a-z]\] Very big device. Trying to use READ CAPACITY ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: sd [0-9:]+ timing out command, waited [0-9]+s ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ libvirtd\[[0-9]+\]: Operation ist nicht untersttzt: summary statistics are not supported yet ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (man subdirector(y|ies) contained newer manual pages|Handbuchverzeichnisse enthielten neuere Handbuchseiten). ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (manual pages were added|Handbuchseiten wurden hinzugef.gt). ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (old database entries were purged|alte Datenbankeintr.ge wurden entfernt). ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (stray cats were added|herrenlose .?cat.?-Dateien wurden hinzugef.gt). ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Processing manual pages under|Handbuchseiten unter) /usr/(share|local)/man ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (old database entry was purged|alter Datenbankeintrag wurde entfernt)\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Purging old database entries|Alte Datenbankeintr.ge) in /usr/(share|local)/man ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Updating index cache for path |Indexcache des Pfades ) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Checking for stray cats under|Handbuchseiten ohne .cat.-Dateien in [/a-zA-Z0-9._-]+ werden gesucht) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (warning|Warnung): [/a-z0-9._-]+: (whatis parse for [a-z0-9._()-]+ failed|whatis-Verarbeitung f.r [/a-z0-9._()-]+ fehlgeschlagen) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (can't open [/a-z0-9._-]+: No such file or directory|[/a-z0-9._-]+ kann nicht ge.ffnet werden: Datei oder Verzeichnis nicht gefunden) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (warning|Warnung): [/a-z0-9._-]+: (bad symlink or ROFF .\.so' request|ung.ltige symbolische Verkn.pfung oder .roff.-.\.so.-Anfrage) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: Warnung: [/a-zA-Z0-9._-]+: fehlerhafter Dateiname wird ignoriert ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: scanner\.c:[0-9]+: info: Scanning ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: upnphttp\.c:[0-9]+: info: Serving DetailID: [0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (done|fertig)\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] (\.\./)+source3/nmbd/nmbd_namequery\.c:[0-9]+\(query_name_response\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] (\.\./)+source3/nmbd/nmbd_browsesync.c:[0-9]+\(find_domain_master_name_query_fail\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ run-parts\[[0-9]+\]: \(/etc/cron.(hourly|daily)\) (starting|finished) (journalogs|dailogs|backup|mcelog.cron|mosshe_hourly|ntpdate|rechtesetzen|man-db.con|logrotate) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ runuser\[[0-9]+\]: pam_unix\(runuser:session\): session (opened|closed) for user ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ (rsyslog|rsyslogd|liblogging-stdlog)\[[0-9]+\]: +\[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https?:\/\/www.rsyslog.com"\] (start|rsyslogd was HUPed|exiting on signal) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smartd\[[0-9]+\]: Device: /dev/[a-z]+ \[[A-Z]+\], SMART (Usage|Prefailure) Attribute: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smartd\[[0-9]+\]: Device: /dev/[a-z]+ \[[A-Z]+\], CHECK POWER STATUS spins up disk ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Accepted publickey for [a-z0-9]+ from [0-9a-f:.]+ port [0-9]+ ssh2: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Bad protocol version identification ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: banner exchange: Connection from [0-9a-f:.]+ port [0-9]+: could not read protocol version ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: banner exchange: Connection from [0-9a-f:.]+ port [0-9]+: invalid format ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Connection closed by (invalid user [A-Za-u0-9_.-]* )?[0-9.a-f:]+ port [0-9]+ \[preauth\] ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Connection (closed|reset) by [0-9.a-f:]+ port [0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Did not receive identification string from ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Disconnected from (invalid )?(user [a-z0-9-]+ )?[0-9.a-f:]+( port [0-9]+)? ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Disconnecting invalid user [a-z0-9-]+ [0-9.]+ port [0-9]+: Change of username or service not allowed: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: banner line contains invalid characters ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: client sent invalid protocol identifier ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: (read: )?Connection reset by peer ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: Protocol major versions differ: 2 vs. 1 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: fatal: Timeout before authentication for ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Invalid user [^ ]+ from [0-9A-F.:]+ port [0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: pam_unix\(sshd:session\): session (opened|closed) for user ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Received disconnect from [0-9:a-f.]+( port)? [0-9:]+: disconnected by user ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Received disconnect from [0-9:a-f.]+( port)? [0-9:]+: Normal Shutdown, Thank you for playing ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Protocol major versions differ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: userauth_pubkey: key type [a-z-]* not in PubkeyAcceptedKeyTypes ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Unable to negotiate with [0-9.a-f:]+ port [0-9]+: no matching key exchange method found. Their offer: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Unable to negotiate with [0-9.a-f:]+ port [0-9]+: no matching host key type found. Their offer: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: ssh:connection from [A-Za-z0-9.:-]+ to [A-Za-z0-9.:-]+ forwarded from [A-Za-z0-9.:-]+ to [A-Za-z0-9.:-]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: forward to ssh failed:connect: Connection timed out ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: connect: Connection timed out ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: getpeername:[0-9]+:Transport endpoint is not connected ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: pam_unix\(su:session\): session (open|clos)ed for user [a-z0-9._-]+( by \(uid=0\))? ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: \(to [a-z0-9_.-]+\) root on none ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: \+ \?\?\? [a-z0-9]+:[a-z0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ CROND?\[[0-9]+\]: \([a-z._0-9]+\) CMD \( ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ CROND?\[[0-9]+\]: pam_unix\(crond?:session\): session (opened|closed) for user ~~~~systemd+dbus+auditd~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ \(systemd\)\[[0-9]+\]: pam_unix\(systemd-user:session\): session opened for user ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: pam_unix\(systemd-user:session\): session opened for user ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user-runtime-dir@[0-9]+.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Created slice user-[0-9]+.slice - User Slice of UID [0-9]+. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started session-[0-9]+.scope - Session [0-9]+ of User ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-user-[0-9]+.mount: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Removed slice user-[0-9]+.slice - User Slice of UID [0-9]+. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Stopping|Stopped|Created|Finished) user\@[0-9]+.service - User Manager for UID [0-9]+. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Removed slice user-[0-9]+.slice - User Slice of UID [0-9]+. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started session-[0-9]+.scope - Session [0-9]+ of User ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: session-[0-9]+.scope: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Finished|Stopped|Stopping) user-runtime-dir\@[0-9]+.service - User Runtime Directory /run/user/[0-9]+. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user-runtime-dir@[0-9]+.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-user-[0-9]+.mount: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Activating special unit exit.target... ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished systemd-exit.service - Exit the Session. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: [a-z0-9-]+.service: Succeeded\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Run anacron jobs ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: anacron.timer: Adding ([0-9]+h )?([0-9]+min )?[0-9.]+m?s random time ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily(-upgrade)?.timer: Adding ([0-9]+h )?([0-9]+min )?[0-9.]+m?s random time ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily.service: Consumed [0-9.]+s CPU time. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Created|Removed) slice (user-[0-9]+.slice )?User Slice of ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Finished|Stopping|Stopped) user-runtime-dir@[0-9]+.service - User Runtime Directory /run/user/[0-9]+. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting user@[0-9]+.service - User Manager for UID [0-9]+... ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Closed|Starting) D-Bus User Message Bus Socket\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dbus.socket: Succeeded. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Failed at step CGROUP spawning /usr/lib/systemd/systemd: No such file or directory ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Cleanup of Temporary Directories. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Clean php session files. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) phpsessionclean.service - Clean php session files. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: phpsessionclean.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Daily apt (download|upgrade and clean) activities. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Daily man-db regeneration. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) man-db.service - Daily man-db regeneration. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: man-db.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Exit the Session. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished e2scrub_all.service - Online ext4 Metadata Check for All Filesystems. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Rotate log files. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished User Runtime Directory /run/user/ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: gpg-agent(-extra|-browser|-ssh)?.socket: Succeeded. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Exit the Session. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session-[0-9]+.scope|dirmngr.socket|run-user-[0-9]+.mount): Succeeded. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Listening on D-Bus User Message Bus Socket\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Closed|Listening on) GnuPG cryptographic agent (and passphrase cache|\(ssh-agent emulation\)|\(access for web browsers\)) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: pam_unix\(systemd-user:session\): session (opened|closed) for user ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Queued start job for [a-z]+ target ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Reached|Stopped) target ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Received SIGRTMIN\+24 from PID [0-9]+ \(kill\). ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Reloading\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started dnf makecache\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started /usr/sbin/pacman -Su --noprogressbar --noconfirm\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ed|ing) Network Service\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting) Daily apt upgrade and clean activities\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) apt-daily.service - Daily apt download activities. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) apt-daily-upgrade.service - Daily apt upgrade and clean activities ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily-upgrade.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting) Session [0-9a-f]+ of user [a-z0-9_.-]+. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session|user)-[a-f0-9]+.(slice|scope): Succeeded. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session|user)-[a-f0-9]+.(slice|scope): Consumed [0-9.]+s CPU time. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting|Stopped|Stopping) User Manager for UID [0-9]+. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting|Stopped|Stopping) User Runtime Directory ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Created|Removed|Stopping) (slice )?user-[0-9]+.slice\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Session [0-9a-f]+ of user root\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting dnf makecache\.\.\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting Exit the Session\.\.\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Stopping) (Basic System|Default|Paths|Sockets|Timers|Shutdown). ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Clean php session files. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Cleanup of Temporary Directories\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) Discard unused blocks on filesystems from /etc/fstab ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Lightning Fast Webserver With Light System Requirements\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Rotate log files\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Verify integrity of password and group files\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Update man-db cache\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Daily man-db regeneration\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Stopping) User Manager for UID 0\.\.\. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) Online ext4 Metadata Check for All Filesystems ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) e2scrub_all.service - Online ext4 Metadata Check for All Filesystems... ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: e2scrub_all.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: e2scrub_all.service: Succeeded ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) dpkg-db-backup.service - Daily dpkg database backup service. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dpkg-db-backup.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) logrotate.service - Rotate log files. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: logrotate.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) systemd-tmpfiles-clean.service - Cleanup of Temporary Directories. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: systemd-tmpfiles-clean.service: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Start|Reload)(ing|ed) Lighttpd Web Server. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Startup finished in [0-9]+ms. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Daily apt download activities. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Stopping|Stopped) [A-Za-z]+ Daemon ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Killing process [0-9]+ \(kill\) with signal SIGKILL ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Listening on|Closed) GnuPG network certificate management daemon. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Listening on|Closed) GnuPG cryptographic agent ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Start|Stopp)(ed|ing) Network Name Resolution. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user(-runtime-dir)?@[0-9]+.(service|mount): Succeeded. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd-tmpfiles-clean.service.mount: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd[^.]+.service.mount: Deactivated successfully. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started) systemd-timedated.service - Time & Date Service. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dbus-daemon[519]: [system] Successfully activated service 'org.freedesktop.timedate1' ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Existing logind session ID [0-9]+ used by new audit session, ignoring. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: New session [0-9a-f]+ of user ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Removed session ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Session [a-f0-9]+ logged out. Waiting for processes to exit. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-journald\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-journald\[[0-9]+\]: Retention time reached, rotating. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Starting DHCPv6 client on NDisc request failed: Invalid argument ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: Enumeration completed ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Configured ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Could not drop address: No such process ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Gained IPv6LL ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Positive Trust Anchors: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: . IN DS [0-9]+ [0-9]+ [0-9]+ [0-9a-f]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Using system hostname ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: request_name_destroy_callback n_ref=1 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timedated\[[0-9]+\]: Set NTP to enabled \(systemd-timesyncd.service\). ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Synchronized to time server ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Timed out waiting for reply from ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Network configuration changed, trying to establish connection. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: interval/delta/delay/jitter/drift [0-9]+s/[+-][0-9.]+s/[0-9.]+s/[0-9.]+s/[+-][0-9.]+ppm ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dbus-daemon\[[0-9]+\]: \[system\] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service' requested by ~~~~redhat/fedora~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ audit\[[0-9]+\]: SERVICE_(START|STOP) pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ ses=[0-9]+ msg='unit=(logrotate|man-db|shadow|systemd-tmpfiles-clean|systemd-resolved) comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success' ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ audit\[[0-9]+\]: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: audit: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: cachedir: /var/cache/dnf/x86 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: DNF version: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Loaded plugins: migrate ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Metadaten-Zwischenspeicher wurde ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Zwischenspeicherungsdateien f.r alle Metadaten-Dateien werden erstellt ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: fedora: (metadata )?will expire after [0-9]+ seconds ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: not found (delta|update)info for: Fedora ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: repo: using cache for: fedora ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: updates: metadata will expire after [0-9]+ seconds and will be refreshed now ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: reviving: failed for 'updates', mismatched sha256 sum. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: reviving: '(updates|fedora)' can be revived. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: cachedir: /var/cache/dnf ~~~~mail-dovecot~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: auth: Warning: Event 0x[0-9a-f]* leaked \(parent=\(nil\)\): auth-client-connection.c ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: auth: (Error|Warning): auth client [0-9]+ disconnected with [0-9]+ pending requests: (Connection reset by peer|EOF) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: Error: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: stat\([/a-z0-9]+.dovecot.sieve/tmp\) failed: Not a directory ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Error: stat\([/a-z0-9]+.dovecot.sieve/tmp\) failed: Not a directory ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: (Disconnected: )?Connection closed ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected: Inactivity - no input for ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected for inactivity ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected: Too many invalid commands \(no auth attempts in [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: (Disconnected: )?Logged out in=[0-9]+ out=[0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(auth failed ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(no auth attempts in [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(auth failed, ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: (Disconnected: )?Connection closed \(auth failed, ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Aborted login by logging out ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed \(no auth attempts in [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: read\(size=[0-9]+\) failed: Connection reset by peer \(no auth attempts in [0-9]+ secs\): ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected \(auth failed, ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected \(client didn't finish SASL auth, waited [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Inactivity \(no (auth attempts in|input for) [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Inactivity \(client didn't finish SASL auth, waited [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed \(client didn't finish SASL auth, waited [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Too many invalid commands \(no auth attempts in [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Error: SSL: Stacked error: error:[0-9A-F]+:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: SSL_accept\(\) failed: error: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: SSL_read failed: error: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Connect from local ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Connect from local ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: (Successful quit|Connection closed \(in DATA finished\)) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Client has quit the connection \(state ?= ?READY\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Remote closed connection ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: (Logged out )?\(state=READY\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Connection closed \(state=READY\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: [A-F0-9]+: to=<[^>]*>, relay=[a-z0-9_.-]+\[private/dovecot-lmtp\], delay=[0-9.]+, delays==[0-9.]+/=[0-9.]+/=[0-9.]+/=[0-9.]+, dsn==[0-9.]+, status=bounced \(host [a-z0-9_.-]+\[private/dovecot-lmtp\] said: 550 5.1.1 <[^>]*> User doesn't exist: [a-zA-Z@0-9_.-]+ \(in reply to RCPT TO command\)\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=<[^:]+: (fileinto action: )?stored mail into mailbox ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=unspecified: fileinto action: stored mail into mailbox ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=[^:]+: stored mail into mailbox ' ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=[^:]+: marked message to be discarded if not explicitly delivered \(discard action\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: msgid=[^:]+: saved mail to INBOX ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Warning: [^:]+: sieve: file storage: Active sieve script symlink [^ ]+ points to non-existent script \(points to ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3\([-a-z0-9]+\): Disconnected: Logged out top= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Disconnected \(no auth attempts in [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Disconnected \(client didn't finish SASL auth, waited [0-9]+ secs\): user= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Error: SSL: Stacked error: error:[0-9A-F]+:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3\([a-z0-9._]+\): Connection closed top= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: managesieve\([-a-z0-9]+\)<[0-9]+><[^>]+>: Disconnected: Logged out bytes=[0-9/]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: managesieve-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip=[a-f0-9.:]+, lip=[a-f0-9.:]+, mpid=[0-9]+, TLS, session= ~~~~mail-postfix~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max cache size [0-9]+ at ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max (connection|auth|newtls|message) count [0-9]+ for ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max (connection|auth|newtls|message) rate [0-9]+/60s for ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/bounce\[[0-9]+\]: [0-9A-F]+: sender non-delivery notification: [0-9A-F]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/cleanup\[[0-9]+\]: [0-9A-F]+: (resent-)?message-id= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/cleanup\[[0-9]+\]: [0-9A-F]+: reject: header ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/local\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=local, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \((delivered to command:|forwarded as [0-9A-F]+) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: [A-F0-9]+: breaking line > [0-9]+ bytes with ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-z0-9.-]+\[private/dovecot-lmtp\], delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250 [0-9.]+ <[^>]*> [^ ]+ Saved\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-z0-9.-]+\[private/dovecot-lmtp\], conn_use=[0-9]+, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250 [0-9.]+ <[^>]*> [^ ]+ Saved\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: Warning: [^:]+: sieve: file storage: Active sieve script symlink [^ ]+ points to non-existent script \(points to ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/master\[[0-9]+\]: /etc/postfix/master.cf: line [0-9]+: using backwards-compatible default setting chroot=y ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/pickup\[[0-9]+\]: [0-9A-F]+: uid=[0-9]+ from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/postsuper\[[0-9]+\]+: [0-9A-F]+: removed ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/postsuper\[[0-9]+\]+: Deleted: [0-9]+ message ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: from=<[^>]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: removed ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: enabling PIX workarounds: delay_dotcrlf for [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: domain lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+% ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: max simultaneous domains=[0-9]+ addresses=[0-9]+ connection=[0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: start interval ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: Cannot start TLS: handshake failure ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] refused to talk to me: 421 [a-z0-9.-]+ Service unavailable - try again later ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[A-Za-z0-9.-]+\[[0-9a-f.:]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[A-Za-z0-9.-]+\[[0-9a-f.:]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(Cannot start TLS: handshake failure\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=none, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection timed out\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to (end of DATA|RCPT TO) command\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: enabling PIX workarounds: delay_dotcrlf for [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to end of DATA command\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: Host offered STARTTLS: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: (Untrusted|Trusted|Verified) TLS connection established to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: TLSv ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.0.0, status=deferred \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 451 (Temporary failure, p|4.3.2 P)lease try again later. \(in reply to (RCPT TO|DATA) command\)\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.2.1, status=deferred \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to (end of DATA|RCPT TO) command\)\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.4.1, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] No route to host\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection refused\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, relay=none, delay=[0-9.]+, delays=[0-9./]+, dsn=4.4.1, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection refused\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays==?[0-9./]+, dsn=5.7.1, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550-5.7.1 [[0-9a-f:. ]+ Our system has detected that this 550-5.7.1 message is likely unsolicited mail. To reduce the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.7.1, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550[-]5.1.1 Invalid recipient address \(no such address at this site\) \(in reply to RCPT TO command\)\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550 No Such User Here \(in reply to RCPT TO command\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550 Requested action not taken: mailbox unavailable \(in reply to RCPT TO command\)\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 554 delivery error: [a-z ]*This user doesn't have a yahoo.com account \([a-z0-9@._-]+\) \[-[0-9]+\] - \([a-z0-9._-]+ \(in reply to end of DATA command\)\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: (dis)?connect (from|to) [a-zA-Z0-9._-]+\[(unknown|[0-9a-f:.]+)\] ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: bare received after (CONNECT|STARTTLS) from ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: using backwards-compatible default setting smtp ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: SSL_connect error to [a-zA-Z0-9._-]+\[[0-9a-fA-F:.]+\] ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: SSL_accept error from [a-zA-Z0-9._-]+\[[0-9a-fA-F:.]+\] ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: TLS library problem: error: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: hostname [0-9a-zA-Z._-]* does not resolve to address [0-9a-fA-F:.]* ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: numeric domain name in resource data of MX record for ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: Anonymous TLS connection established (from|to) [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:(25:)? TLSv1 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: (improper command pipelining|lost connection|timeout) after [A-Z]* (\([0-9]+ bytes\) )?from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: client=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\], sasl_method=(LOGIN|PLAIN), sasl_username=[a-z0-9-]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: client=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]$ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: reject: RCPT from unknown\[[0-9a-f:.]+\]: 550 5.1.1 <[a-z0-9.@-]+>: Recipient address rejected: User unknown in (virtual mailbox|local recipient) table; from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: lost connection after CONNECT from ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 554 5.7.1 <[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]>: Client host rejected: Access denied; proto=SMTP ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from unknown\[[0-9.:A-F]+\]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, \[[0-9.:a-f]+\]; proto=SMTP ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from unknown\[[0-9.:A-F]+\]: 450 4.7.25 Client host rejected: cannot find your hostname, \[[0-9.:a-f]+\]; proto=SMTP ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.1.8 <[^>]*>: Sender address rejected: Domain not found; from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.1.8 <[^>]*>: Sender address rejected: Malformed DNS server reply; from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.2.0 <[^>]*>: Sender address rejected: Greylisted for [0-9]+ seconds; from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: [45]54 [45].7.1 <[^>]*>: Relay access denied; ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 50[0-9]+ 5.5.2 <[^>]*>: Helo command rejected: (need fully-qualified hostname|Invalid name); from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 554 5.7.1 Service unavailable; Client host +\[[0-9a-f:.]+\] blocked using ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 550 5.1.1 <[^>]*>: Recipient address rejected: User unknown in virtual mailbox table; from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 504 5.5.2 <[^>]*>: Sender address rejected: need fully-qualified address; from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 550 5.7.27 <[^>]*>: Sender address rejected: Domain [a-zA-Z0-9._-]+ does not accept mail \(nullMX\); from= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: MAIL from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.7.[0-9]+ Client host rejected: cannot find your( reverse)? hostname, ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from unknown\[unknown\]: Connection reset by peer ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: timeout after [A-Z-]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: too many errors after (AUTH|DATA|RCPT|MAIL|BDAT) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Connection concurrency limit exceeded: [0-9]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] for service smtp ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Connection rate limit exceeded: [0-9]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] for service smtp ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: hostname [a-zA-Z0-9._-]+ does not resolve to address [0-9a-f:.]+ Name or service not known ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] in MAIL command: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: malformed domain name in resource data of MX record for ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: misplaced delimiter: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: numeric hostname: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: non-SMTP command from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: New TLS session rate limit exceeded ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Refusing TLS service request from ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: SASL (PLAIN|LOGIN) authentication failed: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: TLS library problem: error:[0-9A-F]+:SSL routines:(SSL23_GET_CLIENT_HELLO:unknown protocol|ssl3_read_bytes:sslv3 alert bad certificate): ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: numeric hostname: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: invalid character ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: action=(greylist|pass), reason= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: cleaning up old (logs|entries)... ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: cleaning (main|clients) database finished. before: [0-9]+, after: [0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: whitelisted: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: [0-9A-F]+: action=pass, reason=triplet found, client_name= Greylisted Greylisting said: 550 spam message rejected by [a-z0-9_.-]+ \(in reply to end of DATA command\) Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 https://support.google.com/mail/answer/81126 to review our Bulk Email 421 4.7.0 Senders Guidelines. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Pass \((mailfrom|helo)\) identity=(mailfrom|helo); client-ip= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Softfail \(domain owner discourages use of this host\) identity=(mailfrom|helo); client-ip= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: None \((no SPF record|mailfrom)\) identity=(mailfrom|helo); client-ip= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Permerror \(SPF Permanent Error: Two or more type TXT spf records found.\) identity=(mailfrom|helo); client-ip= ~~~~roundcube~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ roundcube\[[0-9]+\]: <[a-z0-9]+> IMAP Error: Login failed for [a-z0-5.-]+ from [0-9a-f.:]+ AUTHENTICATE [A-Z]+: Authentication failed. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ roundcube\[[0-9]+\]: <[a-z0-9]+> DB Error: \[1\] no such column: failed_login \(SQL Query: UPDATE "users" SET "failed_login" = ~~~~dns~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPACK\([0-9a-z]+\) [0-9.]+ [0-9a-f:]+ [A-Za-z0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCP(ACK|DISCOVER|INFORM|OFFER|RELEASE|REQUEST)\([0-9a-z]+\) [0-9.]+ [0-9a-f:]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPDISCOVER\([0-9a-z]+\) [0-9a-f:]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: Ignoring domain [A-Za-z0-9_.-]+ for DHCP host name [A-Za-z0-9_-]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPNAK\([a-z0-9]+\) [0-9.]+ [0-9a-f:]+ wrong address ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: axfr for [a-z.-]*\. from [a-f0-9:.]* ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: \[[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]*\] nsd\[[0-9]*\]: info: axfr for [a-z.-]*\. from [a-f0-9:.]* ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: error: )?failed reading from [0-9a-f.:]+ tcp: Connection reset by peer ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: error: )?sendto [0-9a-f:.]+ failed: Network is unreachable ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: info: )?ratelimit (un)?block +type error target ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: packet too small, dropping tcp connection ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: \[[0-9 :.-]*\] nsd\[[0-9]*\]: warning: packet too small, dropping tcp connection ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?query from client: address is: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?(from|to) server \(local\): address is: (0.0.0.0|::), port is: 53 ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?response to client: address is: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ unbound\[[0-9]+\]: \[[0-9:]*\] info: generate keytag query ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ unbound\[[0-9]+\]: \[[0-9:]*\] error: SSL_handshake syscall: Connection reset by peer ~~~~salt~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: KeyError: 'retcode' ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: Traceback \(most recent call last\): ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: \[INFO \] ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-master\[[0-9]+\]: \[INFO \] ~~~~web~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: [0-9a-f:.]+ - - "GET / ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: fdwatch - [0-9]+ polls ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: libhttpd - [0-9]+ strings allocated, [0-9]+ bytes ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: map cache - [0-9]+ allocated, [0-9]+ active ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: timers - [0-9]+ allocated, [0-9]+ active, [0-9]+ free ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: thttpd - [0-9]+ connections ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: up [0-9]+ seconds, stats for [0-9]+0 seconds: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ open\(\) "[^ ]+ failed \(2: No such file or directory\), client: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ "[^"]+" is not found \(2: No such file or directory\), client: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ upstream timed out \(110: Connection timed out\) while reading response header from upstream, client: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ xinetd\[[0-9]+\]: warning: can't get client address: Connection reset by peer ~~~~file~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: upnphttp.c:[0-9]+: info: Serving DetailID: [0-9]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ umurmurd\[[0-9]+\]: INFO: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ umurmurd\[[0-9]+\]: WARN: SSL handshake failed: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../source3/nmbd/nmbd_(browsesync|namequery).c:[0-9]+\(name_query_response\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../source3/nmbd/nmbd_browsesync.c:[0-9]+\(find_domain_master_name_query_fail\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../source3/lib/tallocmsg.c:[0-9]+\(register_msg_pool_usage\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../source3/nmbd/nmbd_nameregister.c:[0-9]+\(wins_registration_timeout\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +This response was from IP [0-9a-f.:]+, reporting an IP address of [0-9a-f.:]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +query_name_response: Multiple \([0-9]+\) responses received for a query on subnet [0-9a-f.:]+ for name ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +find_domain_master_name_query_fail: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Unable to find the Domain Master Browser name ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Unable to sync browse lists in this workgroup. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +wins_registration_timeout: WINS server [0-9.]+ timed out registering IP [0-9.]+ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Registered MSG_REQ_POOL_USAGE ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Could not find child [0-9]+ -- ignoring ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] \.\./source3/lib/sysquotas\.c:[0-9]+\(sys_get_quota\) ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +sys_path_to_bdev\(\) failed for path \[ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../lib/util/access.c ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../source3/smbd/ ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../source3/lib/tallocmsg.c: ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +smb_set_file_dosmode: file_set_dosmode of ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +Registered MSG_REQ_POOL_USAGE ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +Could not find child [0-9]+ -- ignoring ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +[a-z0-9]+ (opened|closed) file ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ rsyncd\[[0-9]+\]: connect from ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ rsyncd\[[0-9]+\]: rsync allowed access on module ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: Creating SSL connection to host ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: Sent mail for [0-9a-z@_.-]+ \(221 2.0.0 Bye\) uid=[0-9]+ username= ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: SSL connection using ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: EXT4-fs \([shv]sd[a-z][0-9]*\): mounted filesystem with ordered data mode. Opts: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~