From: Alexander Barton <alex@barton.de>
Date: Thu, 28 Dec 2017 17:03:12 +0000 (+0100)
Subject: contrib/ngircd.logcheck: Add sample logcheck(8) rules
X-Git-Tag: rel-25-rc1~19
X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=commitdiff_plain;h=619a3f3ff28e49d0f827924d1dbe84c6c3a284c0

contrib/ngircd.logcheck: Add sample logcheck(8) rules
---

diff --git a/contrib/Makefile.am b/contrib/Makefile.am
index 6d16f7ca..29819a18 100644
--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@@ -1,6 +1,6 @@
 #
 # ngIRCd -- The Next Generation IRC Daemon
-# Copyright (c)2001-2013 Alexander Barton (alex@barton.de) and Contributors
+# Copyright (c)2001-2017 Alexander Barton (alex@barton.de) and Contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,6 +16,7 @@ EXTRA_DIST = README \
 	ngircd-bsd.sh \
 	ngIRCd-Logo.gif \
 	ngircd-redhat.init \
+	ngircd.logcheck \
 	ngircd.service \
 	ngircd.socket \
 	ngircd.spec \
diff --git a/contrib/README b/contrib/README
index 2d38cee9..e7285bf7 100644
--- a/contrib/README
+++ b/contrib/README
@@ -27,6 +27,9 @@ ngircd-bsd.sh
 ngircd-redhat.init
  - Start/stop script for RedHat-based distributions (like CentOS).
 
+ngircd.logcheck
+ - Sample rules for logcheck(8) to ignore "normal" log messages of ngIRCd.
+
 ngircd.service
  - systemd(8) service unit configuration file.
 
diff --git a/contrib/ngircd.logcheck b/contrib/ngircd.logcheck
new file mode 100644
index 00000000..44231542
--- /dev/null
+++ b/contrib/ngircd.logcheck
@@ -0,0 +1,61 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Accepted connection [0-9]+ from ".*:[0-9]+" on socket [0-9]+\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Can't resolve address ".*": Name or service not known \[.*\]\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Can't resolve ".*": Name or service not known$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Can't resolve ".*": No address associated with hostname$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Client unregistered \(connection [0-9]+\): Can't connect\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Client unregistered \(connection [0-9]+\): Client closed connection\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Client unregistered \(connection [0-9]+\): Got QUIT command\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Client unregistered \(connection [0-9]+\): Read error\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Client unregistered \(connection [0-9]+\): SSL accept error, closing socket\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Client ".*" unregistered (connection [0-9]+): Timeout\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Client unregistered \(connection [0-9]+\): Timeout\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Client unregistered \(connection [0-9]+\): Write error\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Connection [0-9]+: initialized SSL3\.0 using cipher .*\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Connection [0-9]+: initialized TLS1\.[012] using cipher .*\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Connection [0-9]+: initialized TLSv1\.[012] using cipher .*\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Connection [0-9]+: initialized TLSv1 using cipher .*\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Connection [0-9]+ \(socket [0-9]+\) with ".*:[0-9]+" established\. Now logging in \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Connection [0-9]+ with ".*:[0-9]+" closed \(in: .*, out: .*\)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Enabled link compression \(zlib\) on connection [0-9]+\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Establishing connection for ".*" to ".*:[0-9]+" \(.*\), socket [0-9]+ \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: IDENT lookup for connection [0-9]+: ".*"\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: IDENT lookup for connection [0-9]+: no result\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Now listening on .*:[0-9]+ \(socket [0-9]+\)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: OpenSSL .* initialized\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Possible forgery: .* resolved to ".*", which has no IP address!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Preparing to establish a new server link for ".*" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Read error on connection [0-9]+ \(socket [0-9]+\): Connection reset by peer!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Server ".*" registered \(via .*, connected to .*, [0-9]+ hops\)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Server ".*" unregistered: .* .*\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Server ".*" unregistered: ".*" \(SQUIT from .*\)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down all listening sockets \([0-9]+ total\) \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(Can't connect\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(Client closed connection\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(Got QUIT command\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(Ping timeout: [0-9]+ seconds\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(Read error\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(Server going down\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(SSL accept error, closing socket\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(Timeout\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Shutting down connection [0-9]+ \(Write error\) with ".*:[0-9]+" \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL connection [0-9]+ shutting down \.\.\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL connection [0-9]+ with ".*:[0-9]+" established\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL connection 18 with ".*:[0-9]+" established\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL connection on socket [0-9]+ failed!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL error: A TLS packet with unexpected length was received\. \[ConnSSL_Read\]\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL error: A TLS packet with unexpected length was received\. \[gnutls_handshake\]\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL error: Broken pipe \[in ConnSSL_Write\(\)\]!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL error: Connection reset by peer \[in ConnSSL_Read\(\)\]!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL error: Connection reset by peer \[in SSL_connect\(\)\]!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: SSL protocol error: SSL_accept \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: User ".*!.*@.*" changed nick \(connection [0-9]+\): ".*" -> ".*"\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: User ".*!.*@.*" registered \(connection [0-9]+\)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: User ".*!.*@.*" unregistered \(connection [0-9]+\): Client closed connection\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: User ".*!.*@.*" unregistered \(connection [0-9]+\): Got QUIT command\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: User ".*!.*@.*" unregistered \(connection [0-9]+\): Ping timeout: [0-9]+ seconds\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: User ".*!.*@.*" unregistered \(connection [0-9]+\): Read error\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: User ".*!.*@.*" unregistered \(connection [0-9]+\): Server going down\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: warning: can't get client address: Connection reset by peer$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: warning: /etc/hosts\.allow, line [0-9]+: can't verify hostname: getaddrinfo\(.*, AF_INET\) failed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Write error on connection [0-9]+ \(socket [0-9]+\): Broken pipe!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ngircd\[[0-9]+\]: Write error on connection [0-9]+ \(socket [0-9]+\): Connection reset by peer!$