Revisions of serveur-debian-securite:pense-bete-logcheck: 23/07/2019 20:04 by zonewebmaster; 29/05/2020 13:51 (current version, edit summary: Logcheck and freshclam - clamav) by zonewebmaster.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP\[[0-9]+\]: SSL connection using [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP\[[0-9]+\]: Sent mail for .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP\[[0-9]+\]: Sent mail for .* \([0-9]+ [0-9.]+ Bye\) uid=[0-9]+ username=[\._[:alnum:]-]+ outbytes=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP\[[0-9]+\]: SSL connection using RSA_AES_128_CBC_SHA1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP\[[0-9]+\]: SSL connection using RSA_AES_256_CBC_SHA1$
</code>

===== Logcheck and freshclam - clamav =====

To improve the rules for the **Clamav** antivirus and its update tool **freshclam**, we can add the following lines to the file ///etc/logcheck/ignore.d.server/clamav-freshclam// with a text editor:
<code bash>
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: ClamAV update process started at .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Received signal: (wake up|re-opening log file)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Downloading (daily|safebrowsing|bytecode)(-[0-9]+)?.(cdiff|cvd) \[(100%|\*)\] ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Empty script safebrowsing-[0-9]+.cdiff, need to download entire database$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?(WARNING: |\^)Your ClamAV installation is OUTDATED!$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?(WARNING: |\^)Local version: [0-9.]+ Recommended version: [0-9.]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?DON'T PANIC! Read .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Database updated \([0-9]+ signatures\) from .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Received signal: wake up$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?ClamAV update process started at .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Clamd successfully notified about the update.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?SelfCheck: Database status OK.$
</code>
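As an added example (not part of the wiki page itself), the script below replays a few constructed syslog lines through the freshclam/clamd rules above with `grep -E -f`, the mechanism logcheck uses, so you can check which lines are silenced and which would still be reported. It assumes GNU grep; the host name, PIDs, paths and sample messages are made up.

```bash
#!/bin/sh
# Added example, not part of the original wiki page: replay constructed syslog
# lines through the clamav-freshclam ignore rules with grep -E -f, the same
# mechanism logcheck uses, and print only the lines no rule swallows.
# Assumes GNU grep (the rules rely on the \w extension).
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# The rules from the page, written to a scratch file instead of
# /etc/logcheck/ignore.d.server/clamav-freshclam.
cat > "$WORK/clamav-freshclam" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: ClamAV update process started at .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Received signal: (wake up|re-opening log file)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Downloading (daily|safebrowsing|bytecode)(-[0-9]+)?.(cdiff|cvd) \[(100%|\*)\] ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Empty script safebrowsing-[0-9]+.cdiff, need to download entire database$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?(WARNING: |\^)Your ClamAV installation is OUTDATED!$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?(WARNING: |\^)Local version: [0-9.]+ Recommended version: [0-9.]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?DON'T PANIC! Read .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Database updated \([0-9]+ signatures\) from .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Received signal: wake up$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?ClamAV update process started at .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?Clamd successfully notified about the update.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamd\[[0-9]+\]: (\w{3} \w{3} [ :0-9]{16} -> )?SelfCheck: Database status OK.$
EOF

# Constructed sample log (host, PIDs, paths are made up): the first six lines
# are routine and should be ignored; the last two match no rule and must be reported.
cat > "$WORK/sample.log" <<'EOF'
Jul 23 20:04:01 srv01 freshclam[1234]: ClamAV update process started at Tue Jul 23 20:04:01 2019
Jul 23 20:04:05 srv01 freshclam[1234]: Downloading daily-25520.cdiff [100%]
Jul 23 20:04:06 srv01 freshclam[1234]: Tue Jul 23 20:04:06 2019 -> Downloading bytecode-331.cdiff [100%]
Jul 23 20:04:09 srv01 freshclam[1234]: Database updated (6372430 signatures) from db.local.clamav.net (IP: 203.0.113.10)
Jul 23 20:04:10 srv01 freshclam[1234]: Clamd successfully notified about the update.
Jul 23 20:14:09 srv01 clamd[987]: SelfCheck: Database status OK.
Jul 23 21:04:01 srv01 freshclam[1234]: ERROR: Can't download daily.cvd from db.local.clamav.net
Jul 23 21:30:12 srv01 clamd[987]: /home/alice/report.zip: Eicar-Test-Signature FOUND
EOF

# Lines that survive the ignore rules are what logcheck would mail out.
unmatched_lines() {  # $1 = rule file, $2 = log file
    grep -E -v -f "$1" "$2" || true
}
count_unmatched() {
    unmatched_lines "$1" "$2" | grep -c . || true
}

unmatched_lines "$WORK/clamav-freshclam" "$WORK/sample.log"
```

The two lines printed are the download error and the detection; if a new rule ever swallows a FOUND line, this kind of replay is how you notice it before the rule reaches production.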