ignore_pattern 65 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449
  1. ### journald - simple but effective journald monitoring
  2. ###### 2015- by Volker Tanger <volker.tanger@wyae.de>
  3. ###### http://www.wyae.de/software/journalogs/
  4. ###### ignore_pattern v24.2.154
  5. ######
  6. ~~~~basis~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ \(sd-pam\)\[[0-9]+\]: pam_unix\(systemd-user:session\): session closed for user
  8. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ anacron\[[0-9]+\]: Anacron [0-9.]+ started on [0-9]+
  9. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)
  10. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ apcupsd\[[0-9]+\]: UPS Self Test switch to battery.
  11. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ apcupsd\[[0-9]+\]: UPS Self Test completed: Battery OK
  12. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Create a snapshot of
  13. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Delete subvolume \(no-commit\):
  14. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ btrfs-snap\[[0-9]+\]: Transaction commit:
  15. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crond\[[0-9]+\]: \(\*system\*\) RELOAD (/etc/cron.d/0HourlyDailyWeeklyMonthly)
  16. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crond\[[0-9]+\]: pam_unix\(crond:session\): session opened for user [a-z0-9]+ by \(uid=0\)
  17. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ crontab\[[0-9]+\]: \(root\) LIST \(nobody\)
  18. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: DHCPREQUEST (of|for) [0-9.]+ on [a-z0-9]+ to [0-9.]+ port 67
  19. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: bound to [0-9.]+ -- renewal in [0-9]+ seconds
  20. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dhclient\[[0-9]+\]: DHCPACK of [0-9.]+ from [0-9.]+
  21. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ fstrim\[[0-9]+\]: [a-z0-9_/-]+: [0-9,.]+ ([MkG]i)?B \([0-9]+ Bytes\) auf [/a-z0-9-]+ getrimmt
  22. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Error: Method parse/execution failed \[\\_SB.PMI0._PMM\] \(Node
  23. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Error: SMBus/IPMI/GenericSerialBus write requires Buffer of length [0-9]+, found length [0-9]+
  24. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM
  25. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS: device label
  26. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS info \(device [a-z0-9-]+\): disk space caching is enabled
  27. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: BTRFS( info \(device [a-z0-9-]+\))?: has skinny extents
  28. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: CE: hpet increased min_delta_ns to [0-9]+ nsec
  29. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: hrtimer: interrupt took [0-9]+ ns
  30. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: sd [0-9:]+ \[sd[a-z]\] Very big device. Trying to use READ CAPACITY
  31. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: sd [0-9:]+ timing out command, waited [0-9]+s
  32. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ libvirtd\[[0-9]+\]: Operation ist nicht untersttzt: summary statistics are not supported yet
  33. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (man subdirector(y|ies) contained newer manual pages|Handbuchverzeichnisse enthielten neuere Handbuchseiten).
  34. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (manual pages were added|Handbuchseiten wurden hinzugef.gt).
  35. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (old database entries were purged|alte Datenbankeintr.ge wurden entfernt).
  36. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (stray cats were added|herrenlose .?cat.?-Dateien wurden hinzugef.gt).
  37. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Processing manual pages under|Handbuchseiten unter) /usr/(share|local)/man
  38. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: [0-9]+ (old database entry was purged|alter Datenbankeintrag wurde entfernt)\.
  39. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Purging old database entries|Alte Datenbankeintr.ge) in /usr/(share|local)/man
  40. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Updating index cache for path |Indexcache des Pfades )
  41. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (Checking for stray cats under|Handbuchseiten ohne .cat.-Dateien in [/a-zA-Z0-9._-]+ werden gesucht)
  42. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (warning|Warnung): [/a-z0-9._-]+: (whatis parse for [a-z0-9._()-]+ failed|whatis-Verarbeitung f.r [/a-z0-9._()-]+ fehlgeschlagen)
  43. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (can't open [/a-z0-9._-]+: No such file or directory|[/a-z0-9._-]+ kann nicht ge.ffnet werden: Datei oder Verzeichnis nicht gefunden)
  44. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: (warning|Warnung): [/a-z0-9._-]+: (bad symlink or ROFF .\.so' request|ung.ltige symbolische Verkn.pfung oder .roff.-.\.so.-Anfrage)
  45. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: /usr/bin/mandb: Warnung: [/a-zA-Z0-9._-]+: fehlerhafter Dateiname wird ignoriert
  46. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: scanner\.c:[0-9]+: info: Scanning
  47. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: upnphttp\.c:[0-9]+: info: Serving DetailID: [0-9]+
  48. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ mandb\[[0-9]+\]: (done|fertig)\.
  49. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] (\.\./)+source3/nmbd/nmbd_namequery\.c:[0-9]+\(query_name_response\)
  50. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] (\.\./)+source3/nmbd/nmbd_browsesync.c:[0-9]+\(find_domain_master_name_query_fail\)
  51. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ run-parts\[[0-9]+\]: \(/etc/cron.(hourly|daily)\) (starting|finished) (journalogs|dailogs|backup|mcelog.cron|mosshe_hourly|ntpdate|rechtesetzen|man-db.con|logrotate)
  52. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ runuser\[[0-9]+\]: pam_unix\(runuser:session\): session (opened|closed) for user
  53. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ (rsyslog|rsyslogd|liblogging-stdlog)\[[0-9]+\]: +\[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https?:\/\/www.rsyslog.com"\] (start|rsyslogd was HUPed|exiting on signal)
  54. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smartd\[[0-9]+\]: Device: /dev/[a-z]+ \[[A-Z]+\], SMART (Usage|Prefailure) Attribute:
  55. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smartd\[[0-9]+\]: Device: /dev/[a-z]+ \[[A-Z]+\], CHECK POWER STATUS spins up disk
  56. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Accepted publickey for [a-z0-9]+ from [0-9a-f:.]+ port [0-9]+ ssh2:
  57. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Bad protocol version identification
  58. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: banner exchange: Connection from [0-9a-f:.]+ port [0-9]+: could not read protocol version
  59. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: banner exchange: Connection from [0-9a-f:.]+ port [0-9]+: invalid format
  60. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Connection closed by (invalid user [A-Za-u0-9_.-]* )?[0-9.a-f:]+ port [0-9]+ \[preauth\]
  61. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Connection (closed|reset) by [0-9.a-f:]+ port [0-9]+
  62. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Did not receive identification string from
  63. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Disconnected from (invalid )?(user [a-z0-9-]+ )?[0-9.a-f:]+( port [0-9]+)?
  64. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Disconnecting invalid user [a-z0-9-]+ [0-9.]+ port [0-9]+: Change of username or service not allowed:
  65. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: banner line contains invalid characters
  66. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: client sent invalid protocol identifier
  67. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host
  68. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: (read: )?Connection reset by peer
  69. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: error: Protocol major versions differ: 2 vs. 1
  70. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: fatal: Timeout before authentication for
  71. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Invalid user [^ ]+ from [0-9A-F.:]+ port [0-9]+
  72. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: pam_unix\(sshd:session\): session (opened|closed) for user
  73. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Received disconnect from [0-9:a-f.]+( port)? [0-9:]+: disconnected by user
  74. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Received disconnect from [0-9:a-f.]+( port)? [0-9:]+: Normal Shutdown, Thank you for playing
  75. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Protocol major versions differ
  76. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: userauth_pubkey: key type [a-z-]* not in PubkeyAcceptedKeyTypes
  77. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Unable to negotiate with [0-9.a-f:]+ port [0-9]+: no matching key exchange method found. Their offer:
  78. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sshd\[[0-9]+\]: Unable to negotiate with [0-9.a-f:]+ port [0-9]+: no matching host key type found. Their offer:
  79. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: ssh:connection from [A-Za-z0-9.:-]+ to [A-Za-z0-9.:-]+ forwarded from [A-Za-z0-9.:-]+ to [A-Za-z0-9.:-]+
  80. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: forward to ssh failed:connect: Connection timed out
  81. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: connect: Connection timed out
  82. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sslh-(select|fork)\[[0-9]+\]: getpeername:[0-9]+:Transport endpoint is not connected
  83. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: pam_unix\(su:session\): session (open|clos)ed for user [a-z0-9._-]+( by \(uid=0\))?
  84. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: \(to [a-z0-9_.-]+\) root on none
  85. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ su\[[0-9]+\]: \+ \?\?\? [a-z0-9]+:[a-z0-9]+
  86. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ CROND?\[[0-9]+\]: \([a-z._0-9]+\) CMD \(
  87. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ CROND?\[[0-9]+\]: pam_unix\(crond?:session\): session (opened|closed) for user
  88. ~~~~systemd+dbus+auditd~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  89. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ \(systemd\)\[[0-9]+\]: pam_unix\(systemd-user:session\): session opened for user
  90. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: pam_unix\(systemd-user:session\): session opened for user
  91. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user-runtime-dir@[0-9]+.service: Deactivated successfully.
  92. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Created slice user-[0-9]+.slice - User Slice of UID [0-9]+.
  93. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started session-[0-9]+.scope - Session [0-9]+ of User
  94. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Deactivated successfully.
  95. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-user-[0-9]+.mount: Deactivated successfully.
  96. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Removed slice user-[0-9]+.slice - User Slice of UID [0-9]+.
  97. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Stopping|Stopped|Created|Finished) user\@[0-9]+.service - User Manager for UID [0-9]+.
  98. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Removed slice user-[0-9]+.slice - User Slice of UID [0-9]+.
  99. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started session-[0-9]+.scope - Session [0-9]+ of User
  100. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: session-[0-9]+.scope: Deactivated successfully.
  101. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Finished|Stopped|Stopping) user-runtime-dir\@[0-9]+.service - User Runtime Directory /run/user/[0-9]+.
  102. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user-runtime-dir@[0-9]+.service: Deactivated successfully.
  103. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Deactivated successfully.
  104. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-user-[0-9]+.mount: Deactivated successfully.
  105. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Activating special unit exit.target...
  106. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished systemd-exit.service - Exit the Session.
  107. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: [a-z0-9-]+.service: Succeeded\.
  108. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Run anacron jobs
  109. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: anacron.timer: Adding ([0-9]+h )?([0-9]+min )?[0-9.]+m?s random time
  110. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily(-upgrade)?.timer: Adding ([0-9]+h )?([0-9]+min )?[0-9.]+m?s random time
  111. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily.service: Consumed [0-9.]+s CPU time.
  112. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Created|Removed) slice (user-[0-9]+.slice )?User Slice of
  113. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Finished|Stopping|Stopped) user-runtime-dir@[0-9]+.service - User Runtime Directory /run/user/[0-9]+.
  114. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting user@[0-9]+.service - User Manager for UID [0-9]+...
  115. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Closed|Starting) D-Bus User Message Bus Socket\.
  116. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dbus.socket: Succeeded.
  117. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Failed at step CGROUP spawning /usr/lib/systemd/systemd: No such file or directory
  118. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Cleanup of Temporary Directories.
  119. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Clean php session files.
  120. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) phpsessionclean.service - Clean php session files.
  121. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: phpsessionclean.service: Deactivated successfully.
  122. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Daily apt (download|upgrade and clean) activities.
  123. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Daily man-db regeneration.
  124. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) man-db.service - Daily man-db regeneration.
  125. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: man-db.service: Deactivated successfully.
  126. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Exit the Session.
  127. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished e2scrub_all.service - Online ext4 Metadata Check for All Filesystems.
  128. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished Rotate log files.
  129. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Finished User Runtime Directory /run/user/
  130. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages.
  131. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: gpg-agent(-extra|-browser|-ssh)?.socket: Succeeded.
  132. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Exit the Session.
  133. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session-[0-9]+.scope|dirmngr.socket|run-user-[0-9]+.mount): Succeeded.
  134. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Listening on D-Bus User Message Bus Socket\.
  135. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Closed|Listening on) GnuPG cryptographic agent (and passphrase cache|\(ssh-agent emulation\)|\(access for web browsers\))
  136. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: pam_unix\(systemd-user:session\): session (opened|closed) for user
  137. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Queued start job for [a-z]+ target
  138. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Reached|Stopped) target
  139. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Received SIGRTMIN\+24 from PID [0-9]+ \(kill\).
  140. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Reloading\.
  141. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started dnf makecache\.
  142. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started /usr/sbin/pacman -Su --noprogressbar --noconfirm\.
  143. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ed|ing) Network Service\.
  144. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting) Daily apt upgrade and clean activities\.
  145. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) apt-daily.service - Daily apt download activities.
  146. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily.service: Deactivated successfully.
  147. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) apt-daily-upgrade.service - Daily apt upgrade and clean activities
  148. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: apt-daily-upgrade.service: Deactivated successfully.
  149. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting) Session [0-9a-f]+ of user [a-z0-9_.-]+.
  150. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session|user)-[a-f0-9]+.(slice|scope): Succeeded.
  151. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (session|user)-[a-f0-9]+.(slice|scope): Consumed [0-9.]+s CPU time.
  152. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting|Stopped|Stopping) User Manager for UID [0-9]+.
  153. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Started|Starting|Stopped|Stopping) User Runtime Directory
  154. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Created|Removed|Stopping) (slice )?user-[0-9]+.slice\.
  155. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Started Session [0-9a-f]+ of user root\.
  156. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting dnf makecache\.\.\.
  157. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Starting Exit the Session\.\.\.
  158. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Stopping) (Basic System|Default|Paths|Sockets|Timers|Shutdown).
  159. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Clean php session files.
  160. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Cleanup of Temporary Directories\.
  161. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) Discard unused blocks on filesystems from /etc/fstab
  162. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Lightning Fast Webserver With Light System Requirements\.
  163. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Rotate log files\.
  164. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Verify integrity of password and group files\.
  165. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Update man-db cache\.
  166. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Daily man-db regeneration\.
  167. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Stopping) User Manager for UID 0\.\.\.
  168. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) Online ext4 Metadata Check for All Filesystems
  169. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) e2scrub_all.service - Online ext4 Metadata Check for All Filesystems...
  170. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: e2scrub_all.service: Deactivated successfully.
  171. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: e2scrub_all.service: Succeeded
  172. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) dpkg-db-backup.service - Daily dpkg database backup service.
  173. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dpkg-db-backup.service: Deactivated successfully.
  174. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) logrotate.service - Rotate log files.
  175. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: logrotate.service: Deactivated successfully.
  176. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Finished) systemd-tmpfiles-clean.service - Cleanup of Temporary Directories.
  177. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: systemd-tmpfiles-clean.service: Deactivated successfully.
  178. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Start|Reload)(ing|ed) Lighttpd Web Server.
  179. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Startup finished in [0-9]+ms.
  180. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: Start(ing|ed) Daily apt download activities.
  181. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started|Stopping|Stopped) [A-Za-z]+ Daemon
  182. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user@[0-9]+.service: Killing process [0-9]+ \(kill\) with signal SIGKILL
  183. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Listening on|Closed) GnuPG network certificate management daemon.
  184. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Listening on|Closed) GnuPG cryptographic agent
  185. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Start|Stopp)(ed|ing) Network Name Resolution.
  186. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: user(-runtime-dir)?@[0-9]+.(service|mount): Succeeded.
  187. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.
  188. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd-tmpfiles-clean.service.mount: Deactivated successfully.
  189. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: run-credentials-systemd[^.]+.service.mount: Deactivated successfully.
  190. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: (Starting|Started) systemd-timedated.service - Time & Date Service.
  191. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd\[[0-9]+\]: dbus-daemon[519]: [system] Successfully activated service 'org.freedesktop.timedate1'
  192. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Existing logind session ID [0-9]+ used by new audit session, ignoring.
  193. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: New session [0-9a-f]+ of user
  194. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Removed session
  195. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-logind\[[0-9]+\]: Session [a-f0-9]+ logged out. Waiting for processes to exit.
  196. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-journald\[[0-9]+\]: Forwarding to syslog missed [0-9]+ messages.
  197. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-journald\[[0-9]+\]: Retention time reached, rotating.
  198. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Starting DHCPv6 client on NDisc request failed: Invalid argument
  199. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: Enumeration completed
  200. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Configured
  201. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Could not drop address: No such process
  202. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-networkd\[[0-9]+\]: [a-z0-9]+: Gained IPv6LL
  203. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Positive Trust Anchors:
  204. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: . IN DS [0-9]+ [0-9]+ [0-9]+ [0-9a-f]+
  205. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
  206. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: Using system hostname
  207. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-resolved\[[0-9]+\]: request_name_destroy_callback n_ref=1
  208. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timedated\[[0-9]+\]: Set NTP to enabled \(systemd-timesyncd.service\).
  209. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Synchronized to time server
  210. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Timed out waiting for reply from
  211. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: Network configuration changed, trying to establish connection.
  212. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ systemd-timesyncd\[[0-9]+\]: interval/delta/delay/jitter/drift [0-9]+s/[+-][0-9.]+s/[0-9.]+s/[0-9.]+s/[+-][0-9.]+ppm
  213. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dbus-daemon\[[0-9]+\]: \[system\] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service' requested by
  214. ~~~~redhat/fedora~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  215. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ audit\[[0-9]+\]: SERVICE_(START|STOP) pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ ses=[0-9]+ msg='unit=(logrotate|man-db|shadow|systemd-tmpfiles-clean|systemd-resolved) comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=\? res=success'
  216. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ audit\[[0-9]+\]: <audit-*
  217. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ audit: <audit-[0-9]+>
  218. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: <audit-[0-9]+>
  219. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: audit:
  220. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: cachedir: /var/cache/dnf/x86
  221. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: DNF version:
  222. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Loaded plugins: migrate
  223. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Metadaten-Zwischenspeicher wurde
  224. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: Zwischenspeicherungsdateien f.r alle Metadaten-Dateien werden erstellt
  225. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: fedora: (metadata )?will expire after [0-9]+ seconds
  226. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: not found (delta|update)info for: Fedora
  227. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: repo: using cache for: fedora
  228. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: updates: metadata will expire after [0-9]+ seconds and will be refreshed now
  229. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: reviving: failed for 'updates', mismatched sha256 sum.
  230. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: reviving: '(updates|fedora)' can be revived.
  231. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnf\[[0-9]+\]: cachedir: /var/cache/dnf
  232. ~~~~mail-dovecot~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  233. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: auth: Warning: Event 0x[0-9a-f]* leaked \(parent=\(nil\)\): auth-client-connection.c
  234. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: auth: (Error|Warning): auth client [0-9]+ disconnected with [0-9]+ pending requests: (Connection reset by peer|EOF)
  235. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: Error: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: stat\([/a-z0-9]+.dovecot.sieve/tmp\) failed: Not a directory
  236. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Error: stat\([/a-z0-9]+.dovecot.sieve/tmp\) failed: Not a directory
  237. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: (Disconnected: )?Connection closed
  238. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected: Inactivity - no input for
  239. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected for inactivity
  240. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnected: Too many invalid commands \(no auth attempts in [0-9]+ secs\): user=
  241. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: (Disconnected: )?Logged out in=[0-9]+ out=[0-9]+
  242. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(auth failed
  243. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(no auth attempts in [0-9]+ secs\): user=
  244. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Aborted login \(auth failed,
  245. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: (Disconnected: )?Connection closed \(auth failed,
  246. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Aborted login by logging out
  247. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed \(no auth attempts in [0-9]+ secs\): user=
  248. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: read\(size=[0-9]+\) failed: Connection reset by peer \(no auth attempts in [0-9]+ secs\):
  249. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected \(auth failed,
  250. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected \(client didn't finish SASL auth, waited [0-9]+ secs\): user=
  251. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Inactivity \(no (auth attempts in|input for) [0-9]+ secs\): user=
  252. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Inactivity \(client didn't finish SASL auth, waited [0-9]+ secs\): user=
  253. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed \(client didn't finish SASL auth, waited [0-9]+ secs\): user=
  254. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Too many invalid commands \(no auth attempts in [0-9]+ secs\): user=
  255. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip=
  256. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Error: SSL: Stacked error: error:[0-9A-F]+:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
  257. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: SSL_accept\(\) failed: error:
  258. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: imap-login: Disconnected: Connection closed: SSL_read failed: error:
  259. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Connect from local
  260. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Connect from local
  261. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: (Successful quit|Connection closed \(in DATA finished\))
  262. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Client has quit the connection \(state ?= ?READY\)
  263. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Remote closed connection
  264. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: (Logged out )?\(state=READY\)
  265. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Disconnect from local: Connection closed \(state=READY\)
  266. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: [A-F0-9]+: to=<[^>]*>, relay=[a-z0-9_.-]+\[private/dovecot-lmtp\], delay=[0-9.]+, delays==[0-9.]+/=[0-9.]+/=[0-9.]+/=[0-9.]+, dsn==[0-9.]+, status=bounced \(host [a-z0-9_.-]+\[private/dovecot-lmtp\] said: 550 5.1.1 <[^>]*> User doesn't exist: [a-zA-Z@0-9_.-]+ \(in reply to RCPT TO command\)\)
  267. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=<[^:]+: (fileinto action: )?stored mail into mailbox
  268. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=unspecified: fileinto action: stored mail into mailbox
  269. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=[^:]+: stored mail into mailbox '
  270. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: sieve: msgid=[^:]+: marked message to be discarded if not explicitly delivered \(discard action\)
  271. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: msgid=[^:]+: saved mail to INBOX
  272. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: lmtp\([-a-z0-9]+\)(<[0-9]+><[^>]+>)?: Warning: [^:]+: sieve: file storage: Active sieve script symlink [^ ]+ points to non-existent script \(points to
  273. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3\([-a-z0-9]+\): Disconnected: Logged out top=
  274. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Disconnected \(no auth attempts in [0-9]+ secs\): user=
  275. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Disconnected \(client didn't finish SASL auth, waited [0-9]+ secs\): user=
  276. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Error: SSL: Stacked error: error:[0-9A-F]+:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
  277. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip=
  278. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: pop3\([a-z0-9._]+\): Connection closed top=
  279. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: managesieve\([-a-z0-9]+\)<[0-9]+><[^>]+>: Disconnected: Logged out bytes=[0-9/]+
  280. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dovecot\[[0-9]+\]: managesieve-login: Login: user=<[-a-z0-9]+>, method=PLAIN, rip=[a-f0-9.:]+, lip=[a-f0-9.:]+, mpid=[0-9]+, TLS, session=
  281. ~~~~mail-postfix~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  282. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max cache size [0-9]+ at
  283. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max (connection|auth|newtls|message) count [0-9]+ for
  284. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/anvil\[[0-9]+\]: statistics: max (connection|auth|newtls|message) rate [0-9]+/60s for
  285. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/bounce\[[0-9]+\]: [0-9A-F]+: sender non-delivery notification: [0-9A-F]+
  286. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/cleanup\[[0-9]+\]: [0-9A-F]+: (resent-)?message-id=
  287. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/cleanup\[[0-9]+\]: [0-9A-F]+: reject: header
  288. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/local\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=local, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \((delivered to command:|forwarded as [0-9A-F]+)
  289. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: [A-F0-9]+: breaking line > [0-9]+ bytes with <CR><LF>
  290. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-z0-9.-]+\[private/dovecot-lmtp\], delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250 [0-9.]+ <[^>]*> [^ ]+ Saved\)
  291. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-z0-9.-]+\[private/dovecot-lmtp\], conn_use=[0-9]+, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250 [0-9.]+ <[^>]*> [^ ]+ Saved\)
  292. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/lmtp\[[0-9]+\]: Warning: [^:]+: sieve: file storage: Active sieve script symlink [^ ]+ points to non-existent script \(points to
  293. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/master\[[0-9]+\]: /etc/postfix/master.cf: line [0-9]+: using backwards-compatible default setting chroot=y
  294. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/pickup\[[0-9]+\]: [0-9A-F]+: uid=[0-9]+ from=
  295. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/postsuper\[[0-9]+\]+: [0-9A-F]+: removed
  296. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/postsuper\[[0-9]+\]+: Deleted: [0-9]+ message
  297. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: from=<[^>]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)
  298. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: removed
  299. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/qmgr\[[0-9]+\]: [0-9A-F]+: enabling PIX workarounds: delay_dotcrlf for [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25
  300. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: domain lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%
  301. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: max simultaneous domains=[0-9]+ addresses=[0-9]+ connection=[0-9]+
  302. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/scache\[[0-9]+\]: statistics: start interval
  303. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: Cannot start TLS: handshake failure
  304. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] refused to talk to me: 421 [a-z0-9.-]+ Service unavailable - try again later
  305. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[A-Za-z0-9.-]+\[[0-9a-f.:]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250
  306. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[A-Za-z0-9.-]+\[[0-9a-f.:]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(Cannot start TLS: handshake failure\)
  307. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=none, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection timed out\)
  308. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to (end of DATA|RCPT TO) command\)
  309. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: [0-9A-F]+: enabling PIX workarounds: delay_dotcrlf for [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25
  310. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to end of DATA command\)
  311. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: Host offered STARTTLS:
  312. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: (Untrusted|Trusted|Verified) TLS connection established to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: TLSv
  313. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.0.0, status=deferred \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 451 (Temporary failure, p|4.3.2 P)lease try again later. \(in reply to (RCPT TO|DATA) command\)\)
  314. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, (orig_to=<[^>]*>, )?relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.2.1, status=deferred \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 450 4.2.1 User is receiving mail too quickly \(in reply to (end of DATA|RCPT TO) command\)\)
  315. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=4.4.1, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] No route to host\)
  316. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection refused\)
  317. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, relay=none, delay=[0-9.]+, delays=[0-9./]+, dsn=4.4.1, status=deferred \(connect to [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25: Connection refused\)
  318. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays==?[0-9./]+, dsn=5.7.1, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550-5.7.1 [[0-9a-f:. ]+ Our system has detected that this 550-5.7.1 message is likely unsolicited mail. To reduce the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information.
  319. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.7.1, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550[-]5.1.1 Invalid recipient address \(no such address at this site\) \(in reply to RCPT TO command\)\)
  320. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550 No Such User Here \(in reply to RCPT TO command\)
  321. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 550 Requested action not taken: mailbox unavailable \(in reply to RCPT TO command\)\)
  322. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtp\[[0-9]+\]: to=<[^>]*>, orig_to=<[^>]*>, relay=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:25, delay=[0-9.]+, delays=[0-9./]+, dsn=5.0.0, status=bounced \(host [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] said: 554 delivery error: [a-z ]*This user doesn't have a yahoo.com account \([a-z0-9@._-]+\) \[-[0-9]+\] - \([a-z0-9._-]+ \(in reply to end of DATA command\)\)
  323. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: (dis)?connect (from|to) [a-zA-Z0-9._-]+\[(unknown|[0-9a-f:.]+)\]
  324. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: bare <LF> received after (CONNECT|STARTTLS) from
  325. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: using backwards-compatible default setting smtp
  326. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: SSL_connect error to [a-zA-Z0-9._-]+\[[0-9a-fA-F:.]+\]
  327. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: SSL_accept error from [a-zA-Z0-9._-]+\[[0-9a-fA-F:.]+\]
  328. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: TLS library problem: error:
  329. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: hostname [0-9a-zA-Z._-]* does not resolve to address [0-9a-fA-F:.]*
  330. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: warning: numeric domain name in resource data of MX record for
  331. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd?\[[0-9]+\]: Anonymous TLS connection established (from|to) [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:(25:)? TLSv1
  332. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: (improper command pipelining|lost connection|timeout) after [A-Z]* (\([0-9]+ bytes\) )?from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]
  333. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: client=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\], sasl_method=(LOGIN|PLAIN), sasl_username=[a-z0-9-]+
  334. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: client=[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]$
  335. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: [A-F0-9]+: reject: RCPT from unknown\[[0-9a-f:.]+\]: 550 5.1.1 <[a-z0-9.@-]+>: Recipient address rejected: User unknown in (virtual mailbox|local recipient) table; from=
  336. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: lost connection after CONNECT from
  337. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 554 5.7.1 <[a-zA-Z0-9._-]+\[[0-9a-f:.]+\]>: Client host rejected: Access denied; proto=SMTP
  338. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from unknown\[[0-9.:A-F]+\]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, \[[0-9.:a-f]+\]; proto=SMTP
  339. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: CONNECT from unknown\[[0-9.:A-F]+\]: 450 4.7.25 Client host rejected: cannot find your hostname, \[[0-9.:a-f]+\]; proto=SMTP
  340. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.1.8 <[^>]*>: Sender address rejected: Domain not found; from=
  341. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.1.8 <[^>]*>: Sender address rejected: Malformed DNS server reply; from=
  342. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.2.0 <[^>]*>: Sender address rejected: Greylisted for [0-9]+ seconds; from=
  343. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: [45]54 [45].7.1 <[^>]*>: Relay access denied;
  344. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 50[0-9]+ 5.5.2 <[^>]*>: Helo command rejected: (need fully-qualified hostname|Invalid name); from=
  345. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 554 5.7.1 Service unavailable; Client host +\[[0-9a-f:.]+\] blocked using
  346. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 550 5.1.1 <[^>]*>: Recipient address rejected: User unknown in virtual mailbox table; from=
  347. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 504 5.5.2 <[^>]*>: Sender address rejected: need fully-qualified address; from=
  348. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: (RCPT|MAIL) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 550 5.7.27 <[^>]*>: Sender address rejected: Domain [a-zA-Z0-9._-]+ does not accept mail \(nullMX\); from=
  349. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: MAIL from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: 450 4.7.[0-9]+ Client host rejected: cannot find your( reverse)? hostname,
  350. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from unknown\[unknown\]: Connection reset by peer
  351. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: timeout after [A-Z-]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]
  352. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: too many errors after (AUTH|DATA|RCPT|MAIL|BDAT) from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]
  353. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Connection concurrency limit exceeded: [0-9]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] for service smtp
  354. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Connection rate limit exceeded: [0-9]+ from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] for service smtp
  355. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: hostname [a-zA-Z0-9._-]+ does not resolve to address [0-9a-f:.]+ Name or service not known
  356. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\] in MAIL command:
  357. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: malformed domain name in resource data of MX record for
  358. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: misplaced delimiter:
  359. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: numeric hostname:
  360. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: non-SMTP command from [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]:
  361. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: New TLS session rate limit exceeded
  362. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: Refusing TLS service request from
  363. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: [a-zA-Z0-9._-]+\[[0-9a-f:.]+\]: SASL (PLAIN|LOGIN) authentication failed:
  364. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: TLS library problem: error:[0-9A-F]+:SSL routines:(SSL23_GET_CLIENT_HELLO:unknown protocol|ssl3_read_bytes:sslv3 alert bad certificate):
  365. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: numeric hostname:
  366. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: invalid character
  367. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: action=(greylist|pass), reason=
  368. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: cleaning up old (logs|entries)...
  369. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: cleaning (main|clients) database finished. before: [0-9]+, after: [0-9]+
  370. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: whitelisted:
  371. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ postgrey\[[0-9]+\]: [0-9A-F]+: action=pass, reason=triplet found, client_name=
  372. Greylisted
  373. Greylisting
  374. said: 550 spam message rejected by [a-z0-9_.-]+ \(in reply to end of DATA command\)
  375. Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 https://support.google.com/mail/answer/81126 to review our Bulk Email 421 4.7.0 Senders Guidelines.
  376. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Pass \((mailfrom|helo)\) identity=(mailfrom|helo); client-ip=
  377. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Softfail \(domain owner discourages use of this host\) identity=(mailfrom|helo); client-ip=
  378. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: None \((no SPF record|mailfrom)\) identity=(mailfrom|helo); client-ip=
  379. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ policyd-spf\[[0-9]+\]: prepend Received-SPF: Permerror \(SPF Permanent Error: Two or more type TXT spf records found.\) identity=(mailfrom|helo); client-ip=
  380. ~~~~roundcube~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  381. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ roundcube\[[0-9]+\]: <[a-z0-9]+> IMAP Error: Login failed for [a-z0-5.-]+ from [0-9a-f.:]+ AUTHENTICATE [A-Z]+: Authentication failed.
  382. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ roundcube\[[0-9]+\]: <[a-z0-9]+> DB Error: \[1\] no such column: failed_login \(SQL Query: UPDATE "users" SET "failed_login" =
  383. ~~~~dns~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  384. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPACK\([0-9a-z]+\) [0-9.]+ [0-9a-f:]+ [A-Za-z0-9]+
  385. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCP(ACK|DISCOVER|INFORM|OFFER|RELEASE|REQUEST)\([0-9a-z]+\) [0-9.]+ [0-9a-f:]+
  386. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPDISCOVER\([0-9a-z]+\) [0-9a-f:]+
  387. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: Ignoring domain [A-Za-z0-9_.-]+ for DHCP host name [A-Za-z0-9_-]+
  388. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPNAK\([a-z0-9]+\) [0-9.]+ [0-9a-f:]+ wrong address
  389. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: axfr for [a-z.-]*\. from [a-f0-9:.]*
  390. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: \[[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]*\] nsd\[[0-9]*\]: info: axfr for [a-z.-]*\. from [a-f0-9:.]*
  391. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: error: )?failed reading from [0-9a-f.:]+ tcp: Connection reset by peer
  392. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: error: )?sendto [0-9a-f:.]+ failed: Network is unreachable
  393. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: info: )?ratelimit (un)?block +type error target
  394. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: packet too small, dropping tcp connection
  395. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: \[[0-9 :.-]*\] nsd\[[0-9]*\]: warning: packet too small, dropping tcp connection
  396. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?query from client: address is:
  397. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?(from|to) server \(local\): address is: (0.0.0.0|::), port is: 53
  398. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nsd\[[0-9]+\]: (\[[0-9-]+ [0-9:.]+\] nsd\[[0-9]+\]: )?(info: )?response to client: address is:
  399. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ unbound\[[0-9]+\]: \[[0-9:]*\] info: generate keytag query
  400. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ unbound\[[0-9]+\]: \[[0-9:]*\] error: SSL_handshake syscall: Connection reset by peer
  401. ~~~~salt~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  402. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: KeyError: 'retcode'
  403. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: Traceback \(most recent call last\):
  404. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-minion\[[0-9]+\]: \[INFO \]
  405. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ salt-master\[[0-9]+\]: \[INFO \]
  406. ~~~~web~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  407. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: [0-9a-f:.]+ - - "GET /
  408. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: fdwatch - [0-9]+ polls
  409. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: libhttpd - [0-9]+ strings allocated, [0-9]+ bytes
  410. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: map cache - [0-9]+ allocated, [0-9]+ active
  411. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: timers - [0-9]+ allocated, [0-9]+ active, [0-9]+ free
  412. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: thttpd - [0-9]+ connections
  413. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ thttpd[[0-9]+]: up [0-9]+ seconds, stats for [0-9]+0 seconds:
  414. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ open\(\) "[^ ]+ failed \(2: No such file or directory\), client:
  415. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ "[^"]+" is not found \(2: No such file or directory\), client:
  416. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nginx\[[0-9]+\]: [0-9/]+ [0-9/]+ [0-9:]+ \[error\] [0-9#]+: \*[0-9]+ upstream timed out \(110: Connection timed out\) while reading response header from upstream, client:
  417. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ xinetd\[[0-9]+\]: warning: can't get client address: Connection reset by peer
  418. ~~~~file~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  419. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ minidlnad\[[0-9]+\]: upnphttp.c:[0-9]+: info: Serving DetailID: [0-9]+
  420. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ umurmurd\[[0-9]+\]: INFO:
  421. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ umurmurd\[[0-9]+\]: WARN: SSL handshake failed:
  422. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../source3/nmbd/nmbd_(browsesync|namequery).c:[0-9]+\(name_query_response\)
  423. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../source3/nmbd/nmbd_browsesync.c:[0-9]+\(find_domain_master_name_query_fail\)
  424. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../source3/lib/tallocmsg.c:[0-9]+\(register_msg_pool_usage\)
  425. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../source3/nmbd/nmbd_nameregister.c:[0-9]+\(wins_registration_timeout\)
  426. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +This response was from IP [0-9a-f.:]+, reporting an IP address of [0-9a-f.:]+
  427. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +query_name_response: Multiple \([0-9]+\) responses received for a query on subnet [0-9a-f.:]+ for name
  428. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +find_domain_master_name_query_fail:
  429. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Unable to find the Domain Master Browser name
  430. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Unable to sync browse lists in this workgroup.
  431. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +wins_registration_timeout: WINS server [0-9.]+ timed out registering IP [0-9.]+
  432. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Registered MSG_REQ_POOL_USAGE
  433. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ nmbd\[[0-9]+\]: +Could not find child [0-9]+ -- ignoring
  434. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:.]+, +[0-9]+\] \.\./source3/lib/sysquotas\.c:[0-9]+\(sys_get_quota\)
  435. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +sys_path_to_bdev\(\) failed for path \[
  436. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../lib/util/access.c
  437. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../source3/smbd/
  438. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: \[[0-9/ :.,]+\] ../../source3/lib/tallocmsg.c:
  439. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +smb_set_file_dosmode: file_set_dosmode of
  440. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +Registered MSG_REQ_POOL_USAGE
  441. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +Could not find child [0-9]+ -- ignoring
  442. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ smbd\[[0-9]+\]: +[a-z0-9]+ (opened|closed) file
  443. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ rsyncd\[[0-9]+\]: connect from
  444. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ rsyncd\[[0-9]+\]: rsync allowed access on module
  445. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: Creating SSL connection to host
  446. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: Sent mail for [0-9a-z@_.-]+ \(221 2.0.0 Bye\) uid=[0-9]+ username=
  447. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ sSMTP\[[0-9]+\]: SSL connection using
  448. ^[\303\244A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [a-z0-9_.-]+ kernel: EXT4-fs \([shv]sd[a-z][0-9]*\): mounted filesystem with ordered data mode. Opts:
  449. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~