nix-git/modules/journalwatch.nix

# Systemd Journal Monitoring.
#
# Alternative:
# journal-brief
# https://github.com/twaugh/journal-brief
# https://opensource.com/article/20/7/systemd-journals-email
# Write to Systemd Journal:
# echo 'hello' | systemd-cat -p emerg
# echo 'hello' | systemd-cat -t someapp -p emerg
# View Systemd Journal.
# Output similar to dmesg
# journalctl -b -k
# Filter by app:
# journalctl -b -t someapp
# Filter by priority:
# journalctl -b -p 5
# Manually execute journalwatch timer:
# sudo systemctl start journalwatch.service
# View generated journalwatch config:
# cat "$(systemctl show -P FragmentPath journalwatch.service)" | grep XDG_CONFIG_HOME
# #=> /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config
# cat /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config/journalwatch/config
# cat /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config/journalwatch/patterns
# Find a message and view its details
# journalctl -b -p5 -o json-pretty
# Then press "/", enter a pattern and press "Enter".
{ config, pkgs, ... }:
let
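# Patterns for sshd messages that are treated as routine and left out of the
# journalwatch mail. Referenced from filterBlocks via `filters = sshd_filter;`.
# Every pattern has to match the full message, so literal dots are escaped.
#
# NOTE(review): the two "Accepted publickey" patterns accept any source address
# and any key fingerprint (`SHA256:\S+`), so a successful root/yoda login with an
# unexpected key is filtered as well. Replacing `\S+` with the known fingerprints
# (e.g. `SHA256:<known-fingerprint>`) keeps logins with other keys visible.
#
# NOTE(review): `error: PAM: Authentication failure for \S+ from \S+` and the
# "authenticating user (root|yoda)" patterns also cover failed attempts against
# existing accounts, and `beginning MaxStartups throttling` covers connection
# floods. If these stay filtered, make sure another control reports them.
sshd_filter = ''
  Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: ED25519 SHA256:\S+
  # TODO: Change RSA key of yodaHedgehog to ED25519
  Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
  pam_unix\(sshd:session\): session opened for user \S+ by \S+
  Received disconnect from \S+ port \S+:11: disconnected by user
  Disconnected from user \S+ \S+ port \S+
  pam_unix\(sshd:session\): session closed for user \S+
  #
  # Somebody evil ...
  #
  banner exchange: Connection from \S+ port \S+: invalid format
  banner exchange: Connection from \S+ port \S+: could not read protocol version
  Failed keyboard-interactive/pam for invalid user \S+ from \S+ port \S+ ssh2
  Unable to negotiate with \S+ port \S+: no matching MAC found\. Their offer: \S+ \[preauth\]
  Unable to negotiate with \S+ port \S+: no matching key exchange method found\. Their offer: \S+ \[preauth\]
  Invalid user \S+ from \S+ port \S+
  Disconnected from \S+ port \S+ \[preauth\]
  Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
  Disconnected from authenticating user (root|yoda) \S+ port \S+ \[preauth\]
  Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
  Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
  Connection reset by invalid user \S+ \S+ port \S+ \[preauth\]
  Connection reset by authenticating user (root|yoda) \S+ port \S+ \[preauth\]
  Connection reset by \S+ port \S+ \[preauth\]
  Connection reset by \S+ port \S+
  Connection closed by \S+ port \S+
  Connection closed by \S+ port \S+ \[preauth\]
  Connection closed by authenticating user (root|yoda) \S+ port \S+ \[preauth\]
  Connection closed by invalid user \S+ \S+ port \S+ \[preauth\]
  error: kex_exchange_identification: banner line contains invalid characters
  error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
  error: kex_exchange_identification: Connection closed by remote host
  error: kex_exchange_identification: read: Connection reset by peer
  error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
  error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
  error: PAM: Authentication failure for \S+ from \S+
  error: PAM: Authentication failure for illegal user \S+ from \S+
  error: Protocol major versions differ: 2 vs\. 1
  error: beginning MaxStartups throttling
  fatal: Timeout before authentication for \S+ port [0-9]+
'';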
in
{
# Abort evaluation with a readable message when OpenSMTPD is not enabled;
# the journalwatch mail configured below depends on a local sendmail MTA.
assertions = [
  {
    message = "journalwatch requires a configured sendmail MTA, see sendmail-mta.nix.";
    assertion = config.services.opensmtpd.enable;
  }
];
services.journalwatch = {
enable = true;
# Same as configured by sendmail MTA.
mailFrom = "langbein@mail.de";
mailTo = "daniel+journalwatch@systemli.org";
#interval = "hourly";
# Lowest priority of message to be considered.
# A value between 7 (“debug”), and 0 (“emerg”).
# Defaults to 6 (“info”). If you don't care about anything with “info” priority, you can reduce this to e.g. 5 (“notice”) to considerably reduce the amount of messages without needing many filterBlocks.
priority = 5; # TODO set to 6
# Default patterns: https://github.com/The-Compiler/journalwatch/blob/363725ac4b8aa841d87654fa8a63403a59ad1275/journalwatch.py#L71
# If the value of `match` starts and ends with a forward slash, it is interpreted as a regular expression; otherwise it is an exact match.
# `filters` are always regular expressions.
# All regular expressions have to match the full string!
#
# TODO: To insert `\` in the generated configuration, we have to use "\\" in double-quoted strings.
# TODO: A ''\s'' in the multiline string `filter` is inserted as `\s` in the generated config file.
#
filterBlocks = [
#
# _TRANSPORT
#
{ # yodaNas
filters = ''
booting system configuration /nix/store/\S+
'';
match = "_TRANSPORT = kernel";
}
#
# _SYSTEMD_CGROUP
#
#
# CONTAINER_NAME # TODO use IMAGE_NAME instead
#
{ # yodaNas
filters = ''
.*
'';
match = "CONTAINER_NAME = /(nginx-proxy|nc_web_[^-_\\s]+|nginx_arch\\.p1st\\.de|recipe\\.privacy1st\\.de_nginx|nginx_privacy1st\\.de)/";
}
{ # yodaNas
# TODO: Open issue on GitHub https://github.com/nginx-proxy/nginx-proxy/issues/1256. Maybe set env variable RESOLVERS=1.1.1.1?
filters = ''
\S+ \S+ \[warn\] [0-9]+#[0-9]+: no resolver defined to resolve r3\.o\.lencr\.org while requesting certificate status, responder: r3\.o\.lencr\.org, certificate: "/etc/nginx/certs/\S+\.crt"
\S+ \S+ \[error\] [0-9]+#[0-9]+: OCSP responder sent invalid "Content-Type" header: "text/html" while requesting certificate status, responder: r3\.o\.lencr\.org, peer: \S+, certificate: "/etc/nginx/certs/\S+\.crt"
\S+ \S+ \[error\] [0-9]+#[0-9]+: recv\(\) failed \(111: Connection refused\) while requesting certificate status, responder: r3\.o\.lencr\.org, peer: \S+, certificate: "/etc/nginx/certs/\S+\.crt"
\S+ \S+ \[error\] [0-9]+#[0-9]+: recv\(\) failed \(104: Connection reset by peer\) while requesting certificate status, responder: r3\.o\.lencr\.org, peer: \S+, certificate: "/etc/nginx/certs/\S+\.crt"
\S+ \S+ \[error\] [0-9]+#[0-9]+: OCSP responder prematurely closed connection while requesting certificate status, responder: r3\.o\.lencr\.org, peer: \S+, certificate: "/etc/nginx/certs/\S+\.crt"
#
\S+ \S+ \[error\] [0-9]+#[0-9]+: \*[0-9]+ upstream timed out \(110: Operation timed out\) while reading upstream, client: .*"
\S+ \S+ \[error\] [0-9]+#[0-9]+: \*[0-9]+ connect\(\) failed \(111: Connection refused\) while connecting to upstream, client: .*"
\S+ \S+ \[error\] [0-9]+#[0-9]+: \*[0-9]+ upstream prematurely closed connection while reading response header from upstream, client: .*"
'';
match = "CONTAINER_NAME = nginx-proxy";
}
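{ # yodaNas
  # Filters GET requests from the loopback address in this container's access log.
  # The dots of the address are escaped so that only the literal 127.0.0.1 matches,
  # and `[^"]*` lets the quoted user-agent field have any length (a bare `[^"]`
  # would only match a user agent that is exactly one character long).
  # NOTE(review): this hides every loopback GET regardless of client; narrow the
  # user-agent part to the expected local client if other requests should stay visible.
  filters = ''
    127\.0\.0\.1 - - \[\S+ \S+\] "GET \S+ \S+" [0-9]+ [0-9]+ "-" "[^"]*"
  '';
  match = "CONTAINER_NAME = money.p1st.de";
}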
#
# IMAGE_NAME
#
{ # yodaNas, yodaYoga
filters = ''
.*
'';
match = "IMAGE_NAME = /(redis:alpine|p1st/docker-gen:.+|nginxproxy/acme-companion|thetorproject/snowflake-proxy:.+|collabora/code|wordpress|danielszabo99/microbin|p1st/mastodon-toot-follower:.+|browserless/chrome|vabene1111/recipes)/";
}
{ # yodaNas
filters = ''
\S+ \S+ \[error\] [0-9]+#[0-9]+: \S+ open\(\) "/usr/share/nginx/html/robots\.txt" failed \(2: No such file or directory\), client: \S+, server: localhost, request: "GET /robots\.txt HTTP/[^"]+", host: "[^"]+"
#
\S+ \S+ \[notice\] [0-9]+#[0-9]+: signal 3 \(SIGQUIT\) received, shutting down
\S+ \S+ \[notice\] [0-9]+#[0-9]+: gracefully shutting down
\S+ \S+ \[notice\] [0-9]+#[0-9]+: exiting
\S+ \S+ \[notice\] [0-9]+#[0-9]+: exit
\S+ \S+ \[notice\] [0-9]+#[0-9]+: signal 17 \(SIGCHLD\) received from [0-9]+
\S+ \S+ \[notice\] [0-9]+#[0-9]+: worker process [0-9]+ exited with code 0
#
\S+ \S+ \[notice\] [0-9]+#[0-9]+: signal 29 \(SIGIO\) received
#
\S+ \S+ \[notice\] [0-9]+#[0-9]+: signal 1 \(SIGHUP\) received, reconfiguring
\S+ \S+ \[notice\] [0-9]+#[0-9]+: reconfiguring
\S+ \S+ \[notice\] [0-9]+#[0-9]+: using the "epoll" event method
\S+ \S+ \[notice\] [0-9]+#[0-9]+: nginx/\S+
\S+ \S+ \[notice\] [0-9]+#[0-9]+: built by gcc \S+ \S+ \(Alpine \S+\)
\S+ \S+ \[notice\] [0-9]+#[0-9]+: OS: Linux \S+
\S+ \S+ \[notice\] [0-9]+#[0-9]+: getrlimit\(RLIMIT_NOFILE\): [0-9]+:[0-9]+
\S+ \S+ \[notice\] [0-9]+#[0-9]+: start worker processes
\S+ \S+ \[notice\] [0-9]+#[0-9]+: start worker process [0-9]+
'';
match = "IMAGE_NAME = /nginx:\\S+/";
}
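{ # yodaNas
  # Routine output of the Nextcloud FPM image: startup/shutdown notices,
  # progress bars, pool warnings, access-log lines and the cron invocation.
  # The trailing "..." of the "Starting" lines is escaped, matching how the
  # other literal dots in this list are written.
  #
  # TODO: logged IP is not the public one, but always 172.24.0.6.
  #
  # NOTE(review): the access-log pattern ends in `[2-5][0-2][0-9]`, i.e. it
  # accepts every status from 200 to 529. Responses such as 401, 403, 429 and
  # 5xx on these endpoints are therefore filtered too. Restrict the status part
  # to the codes expected in normal operation if rejected or failing requests
  # should still be reported.
  filters = ''
    Could not yet connect with DB\. Retrying in 10s \.\.\.
    Nextcloud or one of the apps require upgrade - only a limited number of commands are available
    You may use your browser or the occ upgrade command to do the upgrade
    \[\S+ \S+\] NOTICE: ready to handle connections
    #
    \s+Starting \.\.\.
    # Example:
    # 1/1 [============================] 100%
    \s+[0-9]+/[0-9]+ \[[>=-]+\]\s+[0-9]+% Starting \.\.\.
    \s+[0-9]+/[0-9]+ \[[>=-]+\]\s+[0-9]+%
    \s+[0-9]+/[0-9]+ \[[>=-]+\]\s+[0-9]+%\s+[0-9]+ \[[>=-]+\]
    #
    \s+[0-9]+ \[[>=-]+\] [0-9]+ \[[>=-]+\]
    \s+[0-9]+ \[[>=-]+\]
    \s+[0-9]+ \[[>=-]+\]\[\S+ \S+\] NOTICE: fpm is running, pid [0-9]+
    \[\S+ \S+\] NOTICE: fpm is running, pid [0-9]+
    mimetypelist\.js is updated
    \[\S+ \S+\] NOTICE: Finishing \.\.\.
    \[\S+ \S+\] NOTICE: exiting, bye-bye!
    # Ignore: At least one idle child was left.
    # TODO: Occasionally check how often this warning is logged.
    \[\S+ \S+\] WARNING: \[pool www\] seems busy \(you may need to increase pm\.start_servers, or pm\.min/max_spare_servers\), spawning [0-9]+ children, there are [1-9][0-9]* idle, and [0-9]+ total children
    \[\S+ \S+\] WARNING: \[pool www\] seems busy \(you may need to increase pm\.start_servers, or pm\.min/max_spare_servers\), spawning [1-9][0-9]* children, there are 0 idle, and [0-9]+ total children
    #
    # 1.1.1.1 - 28/Sep/2023:21:03:39 +0000 "GET /status.php" 200
    # 1.1.1.1 - 28/Sep/2023:21:12:16 +0000 "GET /index.php" 200
    # 1.1.1.1 - my-username 28/Sep/2023:21:20:16 +0000 "DELETE /index.php" 200
    # 1.1.1.1 - my-username 28/Sep/2023:21:10:18 +0000 "PROPFIND /remote\.php" 207
    # 1.1.1.1 - my-username 28/Sep/2023:21:11:48 +0000 "GET /ocs/v2.php" 304
    # 1.1.1.1 - 28/Sep/2023:21:13:10 +0000 "GET /ocs/v2.php" 304
    #
    [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - .* \S+ \+0000 "(DELETE|GET|HEAD|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PUT|REPORT|SEARCH) (/index\.php|/status\.php|/public\.php|/remote\.php|/ocs/(v1|v2)\.php)" [2-5][0-2][0-9]
    [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - .* \S+ \+0000 "(GET|HEAD) (/ocm|/ocs)-provider/index\.php" 200
    #
    crond: USER www-data pid\s+[0-9]+ cmd php -f /var/www/html/cron\.php
  '';
  match = "IMAGE_NAME = /p1st/nextcloud:(25|26|27|stable)-fpm-alpine/";
}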
{ # yodaNas
filters = ''
\s+[0-9]+ \[[>-]+\] [0-9]+ \[[>-]+\]
\s+[0-9]+ \[[>-]+\]
\s+[0-9]+ \[[>-]+\]\[\S+ \S+\] NOTICE: fpm is running, pid [0-9]+
#
Configuring Redis as session handler
=> Searching for scripts \(\*\.sh\) to run, located in the folder: /docker-entrypoint-hooks\.d/before-starting
Executing /occ_entrypoint\.sh
Waiting for DB connection \.\.\.
installed and image version:
\s+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
Nextcloud is installed\.
occ command /env/001: upgrade
Nextcloud is already latest version
occ command /env/002: user:setting \S+ settings email \S+
occ command /env/003: config:system:delete trusted_domains
System config value trusted_domains deleted
occ command /env/004: config:system:set trusted_domains [0-9]+ --value=\S+
System config value trusted_domains => [0-9]+ set to string \S+
occ command /env/007: config:system:set --value '172\.16\.0\.0/12' 'trusted_proxies' '0'
System config value trusted_proxies => 0 set to string 172\.16\.0\.0/12
occ command /env/009: config:system:set --type=string --value 'https' 'overwriteprotocol'
System config value overwriteprotocol set to string https
occ command /env/010: config:system:set --type=string --value '\S+' 'overwrite\.cli\.url'
System config value overwrite\.cli\.url set to string https://\S+
occ command /env/011: db:add-missing-columns
Done\.
occ command /env/011: db:add-missing-primary-keys
occ command /env/012: db:add-missing-indices
occ command /env/014: db:convert-filecache-bigint --no-interaction
All tables already up to date!
occ command /env/015: encryption:migrate-key-storage-format
Updating key storage format
Start to update the keys:
Key storage format successfully updated
occ command /env/016: maintenance:repair --include-expensive
- Repair MySQL collation
- All tables already have the correct collation -> nothing to do
- Clean tags and favorites
- 0 tags of deleted users have been removed\.
- 0 tags for delete files have been removed\.
- 0 tag entries for deleted tags have been removed\.
- 0 tags with no entries have been removed\.
- Repair invalid shares
- Move \.step file of updater to backup location
- Add move avatar background job
- Repair step already executed
- Add preview cleanup background jobs
- Migrate oauth2_clients table to nextcloud schema
- Update the oauth2_access_tokens table schema\.
- Update the oauth2_clients table schema\.
- Delete clients \(and their related access tokens\) with the redirect_uri starting with oc:// or ending with \*
- Fix potential broken mount points
- No mounts updated
- Repair language codes
- Add log rotate job
- Clear frontend caches
- Image cache cleared
- JS cache cleared
- Clear every generated avatar
- Add preview background cleanup job
- Queue a one-time job to cleanup old backups of the updater
- Cleanup invalid photocache files for carddav
- Add background job to cleanup login flow v2 tokens
- Remove potentially over exposing share links
- No need to remove link shares\.
- Clear access cache of projects
- Reset generated avatar flag
- Keep legacy encryption enabled
- Check encryption key format
- Remove old dashboard app config data
- Add job to cleanup the bruteforce entries
- Queue a one-time job to check for user uploaded certificates
- Repair DAV shares
- Add background job to set the lookup server share state for users
- Add token cleanup job
- Clean up abandoned apps
- Add possibly missing system config
- Add AI tasks cleanup job
- Queue a job to generate metadata
- migrate lazy config values
- Cache logo dimension to fix size in emails on Outlook
- Logo dimensions are already known
- Remove shares of old group memberships
- Repair mime types
- Validate the phone number and store it in a known format for search
- Handle outdated scheduling events
- Cleaning up old scheduling events
- Deduplicate shared bookmark folders
- Removed 0 duplicate shares
- Remove superfluous shared bookmark folders
- Removed 0 superfluous shares
- Remove orphaned bookmark shares
- Removed 0 orphaned shares
- Removed 0 orphaned public links
- Remove orphaned bookmark tree items
- Removed 0 orphaned \S+ entries
- Reinserted 0 orphaned children entries
- Reinserted 0 orphaned bookmarks
- Update bookmark group shares
- Removed 0 users and added 0 users to 0 groups
- Removed 0 shares
- Upgrading Circles App
- Fix component of birthday calendars
- 8 birthday calendars updated\.
- Regenerating birthday calendars to use new icons and fix old birthday events without year
- Fix broken values of calendar objects
- Registering building of calendar search index as background job
- Register building of social profile search index as background job
- Registering background jobs to update cache for webcal calendars
- Added 0 background jobs to update webcal calendars
- Registering building of calendar reminder index as background job
- Clean up orphan event and contact data
- 0 \S+ without a calendar have been cleaned up
- Remove activity entries of private events
- Removed 0 activity entries
- Clean up old calendar subscriptions from deleted users that were not cleaned-up
- 0 calendar subscriptions without an user have been cleaned up
- Remove invalid object properties
- 0 invalid object properties removed\.
- 0 invalid object properties removed.
- Copy the share password into the dedicated column
- Set existing shares as accepted
- Migrate timestamp values to integer to store unix epoch
- Remove the unused News update job
- Job does not exist, all good
- Update OAuth token expiration times
- init metadata
- Polls - Drop orphaned tables
- No orphaned tables found
- Polls - Drop orphaned columns
- Polls - Create hashes for votes and options
- Updated [0-9]+ option hashes
- Updated [0-9]+ vote hashes
- Polls - Delete duplicates and orphaned records
- Polls - Create indices and foreign key constraints
- Added oc_polls_polls\['poll_id'\] <- oc_polls_\S+\['id'\]
- Index \S+ already exists in oc_polls_\S+
- Polls - Foreign key contraints created\.
- Polls - Indices created\.
- Create help command
- Invalidate access cache for projects conversation provider
- Invalidation not required
- Cache the user display names
- Send an admin notification if monthly report is disabled
- Force-reset all Text document sessions
- Initialize migration of background images from dashboard to theming app
- Add background job to check for backup codes
- Populating added database structures for workflows
occ command /env/017: app:update --all
#
(drawio|memories|metadata|gpoddersync|deck|bookmarks|recommendations) new version available: [0-9]+\.[0-9]+\.[0-9]+
(drawio|memories|metadata|gpoddersync|deck|bookmarks|recommendations) updated
No such app enabled: (drawio|memories|metadata|gpoddersync|deck|bookmarks|recommendations)
#
occ command /env/018: config:system:set --type=string --value '/shared' 'share_folder'
System config value share_folder set to string /shared
occ command /env/019: config:system:delete 'skeletondirectory'
System config value skeletondirectory deleted
occ command /env/020: config:system:set --type=string --value 'DE' 'default_phone_region'
System config value default_phone_region set to string DE
occ command /env/021: config:system:set --type=integer --value '30' 'activity_expire_days'
System config value activity_expire_days set to integer 30
occ command /env/022: config:system:set --type=boolean --value 'false' 'activity_use_cached_mountpoints'
System config value activity_use_cached_mountpoints set to boolean false
'';
match = "IMAGE_NAME = /nc_app_[^-_\\s]+/";
}
{ # yodaNas
filters = ''
\S+ \S+ 0 \[Note\] Starting MariaDB \S+ source revision \S+ as process 1
\S+ \S+ 0 \[Note\] InnoDB: Compressed tables use zlib \S+
\S+ \S+ 0 \[Note\] InnoDB: Number of transaction pools: 1
\S+ \S+ 0 \[Note\] InnoDB: Using crc32 \+ pclmulqdq instructions
\S+ \S+ 0 \[Note\] InnoDB: Using liburing
\S+ \S+ 0 \[Note\] InnoDB: Initializing buffer pool, total size = 1\.000GiB, chunk size = 16\.000MiB
\S+ \S+ 0 \[Note\] InnoDB: Completed initialization of buffer pool
\S+ \S+ 0 \[Note\] InnoDB: Buffered log writes \(block size=512 bytes\)
\S+ \S+ 0 \[Note\] InnoDB: End of log at LSN=\S+
\S+ \S+ 0 \[Note\] InnoDB: Opened 3 undo tablespaces
\S+ \S+ 0 \[Note\] InnoDB: 128 rollback segments in 3 undo tablespaces are active\.
\S+ \S+ 0 \[Note\] InnoDB: 128 rollback segments are active\.
\S+ \S+ 0 \[Note\] InnoDB: Setting file '\./\S+' size to 12\.000MiB\. Physically writing the file full; Please wait \.\.\.
\S+ \S+ 0 \[Note\] InnoDB: File '\./\S+' size is now 12\.000MiB\.
\S+ \S+ 0 \[Note\] InnoDB: log sequence number \S+; transaction id \S+
\S+ \S+ 0 \[Note\] InnoDB: Loading buffer pool\(s\) from /var/lib/mysql/ib_buffer_pool
\S+ \S+ 0 \[Note\] InnoDB: Read redo log up to LSN=\S+
\S+ \S+ 0 \[Note\] InnoDB: Buffer pool\(s\) load completed at \S+ \S+
\S+ \S+ 0 \[Note\] Plugin 'FEEDBACK' is disabled\.
\S+ \S+ 0 \[Note\] Server socket created on IP: '0.0.0.0'\.
\S+ \S+ 0 \[Note\] Server socket created on IP: '::'\.
\S+ \S+ 0 \[Note\] mariadbd: ready for connections\.
Version: '\S+' socket: '/run/mysqld/mysqld.sock' port: \S+ mariadb\.org binary distribution
#
\S+ \S+ 0 \[Note\] mariadbd \(initiated by: unknown\): Normal shutdown
\S+ \S+ 0 \[Note\] InnoDB: FTS optimize thread exiting\.
\S+ \S+ 0 \[Note\] InnoDB: Starting shutdown\.\.\.
\S+ \S+ 0 \[Note\] InnoDB: Dumping buffer pool\(s\) to /var/lib/mysql/ib_buffer_pool
\S+ \S+ 0 \[Note\] InnoDB: Buffer pool\(s\) dump completed at \S+ \S+
\S+ \S+ 0 \[Note\] InnoDB: Removed temporary tablespace data file: "\./ibtmp1"
\S+ \S+ 0 \[Note\] InnoDB: Shutdown completed; log sequence number \S+; transaction id \S+
\S+ \S+ 0 \[Note\] mariadbd: Shutdown complete
\s*
'';
match = "IMAGE_NAME = /mariadb(:.+)?/";
}
{ # yodaNas
filters = ''
\S+ \S+ UTC \[[0-9]+\] LOG:\s+starting PostgreSQL \S+ on x86_64-pc-linux-musl, compiled by gcc \(Alpine \S+\) \S+ \S+, 64-bit
\S+ \S+ UTC \[[0-9]+\] LOG:\s+checkpoint starting: time
#
\S+ \S+ UTC \[[0-9]+\] LOG:\s+listening on IPv4 address \S+, port 5432
\S+ \S+ UTC \[[0-9]+\] LOG:\s+listening on IPv6 address \S+, port 5432
\S+ \S+ UTC \[[0-9]+\] LOG:\s+listening on Unix socket \S+
\S+ \S+ UTC \[[0-9]+\] LOG:\s+database system was shut down at \S+ \S+ UTC
\S+ \S+ UTC \[[0-9]+\] LOG:\s+database system is ready to accept connections
#
\S+ \S+ UTC \[[0-9]+\] LOG:\s+received fast shutdown request
\S+ \S+ UTC \[[0-9]+\] LOG:\s+aborting any active transactions
\S+ \S+ UTC \[[0-9]+\] FATAL:\s+terminating connection due to administrator command
\S+ \S+ UTC \[[0-9]+\] LOG:\s+shutting down
\S+ \S+ UTC \[[0-9]+\] LOG:\s+database system is shut down
#
\S+ \S+ UTC \[[0-9]+\] LOG:\s+checkpoint starting: shutdown immediate
\S+ \S+ UTC \[[0-9]+\] LOG:\s+checkpoint complete: .*
# background worker "logical replication launcher" (PID 28) exited with exit code 1 -> See https://postgrespro.com/list/thread-id/2498034
'';
match = "IMAGE_NAME = /postgres:.+/";
}
{ # yodaNas
filters = ''
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[Server\] MySQL Server - start\.
\S+ [0-9]+ \[Warning\] \[MY-[0-9]+\] \[Server\] Plugin mysql_native_password reported: '''mysql_native_password' is deprecated and will be removed in a future release\. Please use caching_sha2_password instead'
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[Server\] /usr/sbin/mysqld \(mysqld \S+\) starting as process 1
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[InnoDB\] InnoDB initialization has started\.
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[InnoDB\] InnoDB initialization has ended\.
\S+ [0-9]+ \[Warning\] \[MY-[0-9]+\] \[Server\] CA certificate ca\.pem is self signed\.
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[Server\] Channel mysql_main configured to support TLS\. Encrypted connections are now supported for this channel\.+
\S+ [0-9]+ \[Warning\] \[MY-[0-9]+\] \[Server\] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users\. Consider choosing a different directory\.+
\S+ [0-9]+ \[Warning\] \[MY-[0-9]+\] \[Server\] The syntax '--skip-host-cache' is deprecated and will be removed in a future release\. Please use SET GLOBAL host_cache_size=0 instead\.
\S+ [0-9]+ \[Warning\] \[MY-[0-9]+\] \[Server\] 'SET_USER_ID' \(granted to '\S+'\) is deprecated and will be removed in a future release\.
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[Server\] X Plugin ready for connections\. Bind-address: '::' port: 33060, socket: /var/run/mysqld/mysqlx\.sock
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[Server\] /usr/sbin/mysqld: ready for connections\. Version: '\S+' socket: '/var/run/mysqld/mysqld\.sock' port: 3306 MySQL Community Server - GPL\.
#
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[Server\] Received SHUTDOWN from user <via user signal>\. Shutting down mysqld \(Version: \S+\)\.
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[Server\] /usr/sbin/mysqld: Shutdown complete \(mysqld \S+\) MySQL Community Server - GPL\.
\S+ [0-9]+ \[System\] \[MY-[0-9]+\] \[Server\] MySQL Server - end\.
'';
match = "IMAGE_NAME = /mysql:[0-9]+/";
}
{
filters = sshd_filter;
match = "IMAGE_NAME = gitea/gitea:1";
}
{ # yodaNas
filters = ''
crond: crond \(busybox \S+\) started, log level [0-9]+
crond: USER root pid\s+[0-9]+ cmd wget -qO- http://money\.p1st\.de:8080/api/v1/cron/\S+ > /proc/1/fd/1 2>/proc/1/fd/2
'';
match = "IMAGE_NAME = busybox";
}
{ # yodaNas
filters = ''
AH[0-9]+: apache2: Could not reliably determine the server's fully qualified domain name, using \S+\. Set the 'ServerName' directive globally to suppress this message
\[\S+ \S+ \S+ \S+ \S+\] \[mpm_prefork:notice\] \[pid 1(:tid 1)?\] AH[0-9]+: Apache/\S+ \(Debian\) configured -- resuming normal operations
\[\S+ \S+ \S+ \S+ \S+\] \[core:notice\] \[pid 1\] AH[0-9]+: Command line: 'apache2 -D FOREGROUND'
> Illuminate\\Foundation\\ComposerScripts::postAutoloadDump
wait-for-it\.sh: waiting 60 seconds for \S+:3306
wait-for-it\.sh: \S+:3306 is available after [0-9]+ seconds
#
\[\S+ \S+ \S+ \S+ \S+\] \[mpm_prefork:notice\] \[pid 1\] AH[0-9]+: caught SIGWINCH, shutting down gracefully
#
127\.0\.0\.1 - - \[\S+ \S+\] "GET /health HTTP/1\.1" 200 [0-9]+ "-" "(User-Agent: )?Firefly III Health Checker/\S+"
172\.23\.0\.3 - - \[\S+ \S+\] "GET /api/v1/cron/\S+ HTTP/1\.1" 200 [0-9]+ "-" "Wget"
'';
match = "IMAGE_NAME = fireflyiii/core:latest";
}
{ # yodaNas
filters = ''
AH[0-9]+: apache2: Could not reliably determine the server's fully qualified domain name, using \S+\. Set the 'ServerName' directive globally to suppress this message
\[\S+ \S+ \S+ \S+ \S+\] \[mpm_prefork:notice\] \[pid 1(:tid 1)?\] AH[0-9]+: Apache/\S+ \(Debian\) configured -- resuming normal operations
\[\S+ \S+ \S+ \S+ \S+\] \[core:notice\] \[pid 1(:tid 1)?\] AH[0-9]+: Command line: 'apache2 -D FOREGROUND'
#
\[\S+ \S+ \S+ \S+ \S+\] \[mpm_prefork:notice\] \[pid 1(:tid 1)?\] AH[0-9]+: caught SIGWINCH, shutting down gracefully
#
127\.0\.0\.1 - - \[\S+ \S+\] "GET /health HTTP/1\.1" 200 [0-9]+ "-" "(User-Agent: )?Firefly III Health Checker/\S+"
'';
match = "IMAGE_NAME = fireflyiii/data-importer:latest";
}
{ # yodaNas
filters = ''
.*
'';
match = "IMAGE_NAME = /(deluan/navidrome|ghcr\\.io/dgtlmoon/changedetection\\.io)/";
}
#
# _SYSTEMD_UNIT
#
{ # yodaNas
filters = ''
.*
'';
match = "_SYSTEMD_UNIT = /(systemd-logind|syncthing)\\.service/";
}
{ # yodaTux
filters = ''
.*
'';
match = "_SYSTEMD_UNIT = /(bluetooth|cups|systemd-timesyncd)\\.service/";
}
{ # yodaNas
filters = ''
Set \S+ (A|AAAA) record to \S+
\s*The \S+ (A|AAAA) record points already to \S+
'';
match = "_SYSTEMD_UNIT = netcup-dns.service";
}
{ # yodaNas
filters = ''
\[\S+ \S+\] \[NOTICE\] Server with the lowest initial latency: \S+ \(rtt: [0-9]+ms\)
\[\S+ \S+\] \[NOTICE\] Sorted latencies:
\[\S+ \S+\] \[NOTICE\] -\s+[0-9]+ms \S+
\[\S+ \S+\] \[NOTICE\] Anonymizing queries for \[\S+\] via \[\S+\]
'';
match = "_SYSTEMD_UNIT = dnscrypt-proxy2.service";
}
{ # yodaNas
filters = ''
time="[^"]+" level=error msg="\[resolver\] failed to query DNS server: 127.0.0.1:53, query: ;[a-z0-9\.-]+\\tIN\\t A" error="read udp 127.0.0.1:[0-9]+->127.0.0.1:53: i/o timeout"
time="[^"]+" level=info msg="Attempting next endpoint for pull after error: Head "[^"]+": Get "[^"]+": net/http: request canceled while waiting for connection \(Client\.Timeout exceeded while awaiting headers\)"
'';
match = "_SYSTEMD_UNIT = docker.service";
}
{ # yodaNas
filters = ''
pam_unix\(sudo:session\): session opened for user root\(uid=0\) by \(uid=994\)
pam_unix\(sudo:session\): session closed for user root
-+
Backup Summary \(btrbk command line client, version \S+\)
\s+Date:\s+\S+ \S+ \S+ \S+ \S+
\s+Config: \S+
Legend:
\s+=== up-to-date subvolume \(source snapshot\)
\s+\+\+\+ created subvolume \(source snapshot\)
\s+\+\+\+ deleted subvolume
\s+\*\*\* received subvolume \(non-incremental\)
\s+>>> received subvolume \(incremental\)
\s+
#
# BTRFS subvolume paths
#
/jc-data/\S+
/mnt/data/\S+/\S+
\+\+\+ /mnt/data/\S+/\S+
\+\+\+ /snap/\S+
'';
match = "_SYSTEMD_UNIT = /btrbk-local-snapshot-(hdd|ssd)\\.service/";
}
{ # yodaHedgehog
filters = ''
info: OpenSMTPD \S+-portable starting
\S+ smtp connected address=local host=${config.networking.hostName}
\S+ smtp message msgid=\S+ size=\S+ nrcpt=1 proto=ESMTP
\S+ smtp envelope evpid=[0-9a-f]+ from=<langbein@mail.de> to=\S+
\S+ smtp disconnected reason=quit
\S+ mta connecting address=smtps://\S+ host=\S+
\S+ mta connected
\S+ mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
2024-09-24 18:22:34 +02:00
\S+ mta cert-check result="valid" fingerprint="SHA256:[0-9a-f]+"
2024-09-14 21:20:49 +02:00
\S+ mta delivery evpid=\S+ from=\S+ to=\S+ rcpt=<-> source=\S+ relay="\S+ \(\S+\)" delay=\S+ result="Ok" stat="250 2.0.0 Ok: queued as \S+"
\S+ mta disconnected reason=quit messages=1
Exiting
'';
match = "_SYSTEMD_UNIT = opensmtpd.service";
}
# TODO: Wait until issue is resolved
# https://github.com/NixOS/nixpkgs/issues/267857
# /etc/tmpfiles.d/tmp.conf:11: Duplicate line for path "/tmp", ignoring.
{ # yodaHedgehog
# Filters one known tmpfiles warning about a duplicate "/tmp" entry. The
# pattern is pinned to tmp.conf line 11, so the same warning for another file
# or line is not matched.
filters = ''
/etc/tmpfiles\.d/tmp\.conf:11: Duplicate line for path "/tmp", ignoring\.
'';
match = "_SYSTEMD_UNIT = systemd-tmpfiles-setup.service";
}
{ # yodaHedgehog
# Filters hd-idle's disk spin-up notices (`sd<letter> spinup`).
filters = ''
sd[a-z] spinup
'';
match = "_SYSTEMD_UNIT = hd-idle.service";
}
{ # yodaNas. TODO: This is maybe a bug. It occurs when deploying and switching to a NixOS config with colmena.
# Filters the udev report that the `echo 2 > .../use_tempaddr` helper exited
# with code 1. Only this command line and exit code are matched.
# The `'''` in the pattern is the Nix indented-string escape for two literal
# single quotes; the string does not end there.
filters = ''
\S+: Process '/nix/store/\S+-bash-\S+/bin/sh -c 'echo 2 > /proc/sys/net/ipv6/conf/\S+/use_tempaddr''' failed with exit code 1.
'';
match = "_SYSTEMD_UNIT = systemd-udevd.service";
}
{ # yodaTux, yodaYoga
# Filters systemd-logind's suspend, power-off and reboot announcements.
filters = ''
The system will suspend now!
The system will power off now!
The system will reboot now!
System is powering down\.
System is rebooting\.
'';
match = "_SYSTEMD_UNIT = systemd-logind.service";
}
{
# Filters root-to-root `su` records logged inside session-N.scope units.
# All three patterns name root as both source and target, so an `su` to root
# by any other account is not matched by this block.
filters = ''
Successful su for root by root
pam_unix\(su:session\): session opened for user root\(uid=0\) by root\(uid=0\)
pam_unix\(su:session\): session closed for user root
'';
match = "_SYSTEMD_UNIT = /session-[0-9]+\\.scope/";
}
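{ # yodaTux, yodaNas
# Filters routine systemd manager (init.scope) lifecycle messages: CPU-time
# accounting, unit start/finish/stop notices, target changes, daemon reloads
# and skipped-unit notices.
# Several patterns are pinned on purpose: user-manager and runtime-directory
# lines only for UID 0 or 1000, "Started Session" only for root, and the
# restart notice only while the restart counter is at 1, so repeated restarts
# are not matched.
# The "File System Check on Root Device" pattern escapes its parentheses and
# final dot so that it matches the literal message; left unescaped, "(...)"
# is a regex group and cannot match the parentheses in the logged text. The
# generic "was skipped because of an unmet condition check" pattern directly
# above it covers the same message.
filters = ''
\S+\.(service|scope|slice|mount): Consumed ([0-9]+h )?([0-9]+min )?[0-9\.]+(s|ms) CPU time(, .+)?\.
#
Starting \S+\.service\.\.\.
\S+\.service: Scheduled restart job, restart counter is at 1\.
Finished \S+\.service\.
\S+\.(service|mount): Deactivated successfully\.
#
Starting User Runtime Directory /run/user/(0|1000)\.\.\.
Starting User Manager for UID (0|1000)\.\.\.
Starting Spin down inactive HDD \S+\.\.\.
Starting Takes BTRFS snapshots and maintains retention policies\.\.\.\.
Starting Load Kernel Module efi_pstore\.\.\.
Starting Create SUID/SGID Wrappers\.\.\.
Starting Update and start Jinja-Compose project\.\.\.
Starting Cleanup of Temporary Directories\.\.\.
Started \S+\.service\.
Started Logrotate Service\.
Started User Manager for UID (0|1000)\.
Started Session [0-9]+ of User root\.
Finished Takes BTRFS snapshots and maintains retention policies\.\.
Finished User Runtime Directory /run/user/(0|1000)\.
Finished Spin down inactive HDD \S+\.
Finished Load Kernel Module efi_pstore\.
Finished Create SUID/SGID Wrappers\.
Finished Cleanup of Temporary Directories\.
Finished Update and start Jinja-Compose project\.
Stopping Reactivate sysinit units\.\.\.
Stopping User Manager for UID (0|1000)\.\.\.
Stopping User Runtime Directory /run/user/(0|1000)\.\.\.
Stopped target Local File Systems\.
Stopped target Remote File Systems\.
Stopped target Reactivate sysinit units\.
Stopped User Manager for UID (0|1000)\.
Stopped User Runtime Directory /run/user/(0|1000)\.\.\.
Stopped User Runtime Directory /run/user/(0|1000)\.
Reached target Reactivate sysinit units\.
Reached target Local File Systems\.
Reached target Remote File Systems\.
Reloading requested from client PID [0-9]+ \('systemctl'\) \(unit session-[0-9]+\.scope\)\.\.\.
Reloading\.\.\.
Reloading finished in [0-9]+ ms\.
session-[0-9]+\.scope: Deactivated successfully\.
#
(\S+ )+was skipped because no trigger condition checks were met\.
(\S+ )+was skipped because of an unmet condition check \([^)]+\)\.
File System Check on Root Device was skipped because of an unmet condition check \(ConditionPathIsReadWrite=!/\)\.
#
# TODO bug
smtpd-key\.service: Found left-over process [0-9]+ \(smtpd-key-pre-s\) in control group while starting unit\. Ignoring\.
smtpd-key\.service: This usually indicates unclean termination of a previous run, or service implementation deficiencies\.
'';
match = "_SYSTEMD_UNIT = init.scope";
}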
{ # yodaTux, yodaNas
# Filters routine messages of the per-user systemd manager. The match is
# limited to user@0.service and user@1000.service, so user managers of other
# UIDs are not covered.
# The "session opened" pattern names only root (uid=0), while the
# "session closed" pattern accepts root or yoda.
filters = ''
Activating special unit Exit the Session\.\.\.
Starting D-Bus User Message Bus Socket\.\.\.
Starting Run user-specific NixOS activation\.\.\.
Listening on D-Bus User Message Bus Socket\.
Stopped target Main User Target\.
Stopped target Basic System\.
Stopped target Paths\.
Stopped target Sockets\.
Stopped target Timers\.
Closed D-Bus User Message Bus Socket\.
Removed slice User Application Slice\.
Reached target Shutdown\.
Reached target Paths\.
Reached target Timers\.
Reached target Sockets\.
Reached target Basic System\.
Reached target Exit the Session\.
Reached target Main User Target\.
Finished Exit the Session\.
Finished Run user-specific NixOS activation\.
#
Startup finished in [0-9]+ms\.
#
Created slice User Application Slice\.
Queued start job for default target Main User Target\.
pam_unix\(systemd-user:session\): session opened for user root\(uid=0\) by \(uid=0\)
pam_unix\(systemd-user:session\): session closed for user (root|yoda)
Reexecuting requested from client PID [0-9]+ \('systemctl'\)\.\.\.
Reexecuting\.
Run (\S+ )+was skipped because of an unmet condition check \([^)]+\)\.
'';
match = "_SYSTEMD_UNIT = /user@(0|1000)\\.service/";
}
{
# Filters the single message `flapped down` from smtpd-key.service; any other
# message from that unit is not matched by this block.
filters = ''
flapped down
'';
match = "_SYSTEMD_UNIT = smtpd-key.service";
}
{
# Filters the single message `flapped down` from
# netcup-dns-95191.json-key.service; any other message from that unit is not
# matched by this block.
filters = ''
flapped down
'';
match = "_SYSTEMD_UNIT = netcup-dns-95191.json-key.service";
}
{ # yodaTux
# Filters routine polkit messages: bus-name acquisition, rule loading, and
# registration/unregistration of the pkttyagent authentication agent.
# The one authorization pattern is pinned to user yoda, the action
# org.freedesktop.systemd1.manage-units and the command
# `systemctl start journalwatch.service`; an authorization for any other
# action, command or user is not matched by this block.
filters = ''
Acquired the name org\.freedesktop\.PolicyKit1 on the system bus
Reloading rules
Collecting garbage unconditionally\.\.\.
Loading rules from directory /.+
Finished loading, compiling and executing [0-9]+ rules
#
Registered Authentication Agent for unix-process:[0-9]+:[0-9]+ \(system bus name :[0-9\.]+ \[/run/current-system/sw/bin/pkttyagent --notify-fd 5 --fallback\], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\)
Operator of unix-process:[0-9]+:[0-9]+ successfully authenticated as unix-user:yoda to gain ONE-SHOT authorization for action org\.freedesktop\.systemd1\.manage-units for system-bus-name::[0-9\.]+ \[systemctl start journalwatch\.service\] \(owned by unix-user:yoda\)
Unregistered Authentication Agent for unix-process:[0-9]+:[0-9]+ \(system bus name :[0-9\.]+, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) \(disconnected from bus\)
Unregistered Authentication Agent for unix-process:unknown \(system bus name :[0-9\.]+, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) \(disconnected from bus\)
'';
match = "_SYSTEMD_UNIT = polkit.service";
}
{ # yodaTux
# Filters two known system-bus messages: the bluez MediaEndpoint1
# NotImplemented error, and the "Unknown username/group ... in message bus
# configuration file" warning tracked in the nixpkgs issue linked below.
# NOTE(review): the second pattern accepts any user or group name, so a bus
# policy that references a missing account is also filtered.
filters = ''
.+ error name="org\.bluez\.MediaEndpoint1\.Error\.NotImplemented" .+
# Open issue: https://github.com/NixOS/nixpkgs/issues/79220
Unknown (username|group) .+ in message bus configuration file
'';
match = "_SYSTEMD_UNIT = dbus.service";
}
{ # yodaTux
# Filters udisks2 records of removable-media handling: mount, unmount,
# mount-point cleanup, cache sync, stop and power-off.
# The mount/unmount patterns accept any device, mount point and uid, so the
# report does not show which account mounted which device; the journal itself
# still holds these entries.
filters = ''
Mounted /dev/\S+ at /\S+ on behalf of uid [0-9]+
Cleaning up mount point /\S+ \(device \S+ is not mounted\)
Unmounted /dev/\S+ on behalf of uid [0-9]+
Successfully sent SCSI command SYNCHRONIZE CACHE to /dev/\S+
Successfully sent SCSI command START STOP UNIT to /dev/\S+
Powered off /dev/\S+ - successfully wrote to sysfs path /sys/devices/\S+
'';
match = "_SYSTEMD_UNIT = udisks2.service";
}
{ # yodaNas
# Filters the "Disk is in standby or sleeping." notice from any
# hdparm-ata-*.service unit.
filters = ''
Disk is in standby or sleeping\.
'';
match = "_SYSTEMD_UNIT = /hdparm-ata-.*\\.service/";
}
{ # yodaNas
# Filters image-pull progress lines and network/container state changes
# written by Jinja-Compose.service. Only the listed progress and state words
# are matched; other output of the unit is not covered by this block.
filters = ''
\s+\S+ Skipped - Image is already being pulled by \S+
\s+\S+ Pulling
\s+\S+ Already exists
\s+\S+ Waiting
\s+\S+ (Downloading|Extracting) \[=*> *\]\s+([0-9]+\.)?[0-9]+(B|kB|MB|GB)/([0-9]+\.)?[0-9]+(B|kB|MB|GB)
\s+\S+ Download complete
\s+\S+ Verifying Checksum
\s+\S+ Pull complete
\s+\S+ Pulled
\s+Network \S+ (Creating|Created)
\s+Container \S+ (Creating|Created|Recreate|Recreated|Waiting|Starting|Started|Running|Healthy)
'';
match = "_SYSTEMD_UNIT = Jinja-Compose.service";
}
#
# SYSLOG_IDENTIFIER
#
# sshd running on the host system
# _SYSTEMD_UNIT = sshd.service
# However, sometimes the _SYSTEMD_UNIT field is missing
# SYSLOG_IDENTIFIER = sshd
# Sometimes (TODO maybe always since NixOS 24.11 ?)
# SYSLOG_IDENTIFIER = sshd-session
{
# Applies the shared sshd_filter pattern list (bound in the `let` at the top
# of this file) to entries whose SYSLOG_IDENTIFIER is sshd or sshd-session.
# Keyed on SYSLOG_IDENTIFIER rather than _SYSTEMD_UNIT because, per the note
# above, the unit field is sometimes missing from sshd entries.
filters = sshd_filter;
match = "SYSLOG_IDENTIFIER = /(sshd|sshd-session)/";
}
{
# Filters expected sudo activity: session open/close records and the COMMAND
# lines of the accounts listed below.
# NOTE(review): the "session opened" pattern accepts any invoking uid, and the
# `yoda` and `btrbk` COMMAND patterns end in `/.+`, so every root command
# those accounts run through sudo is filtered from the report. The two
# `root :` patterns show a tighter form (binary path plus an explicit
# subcommand list). If the report is meant to surface unexpected privilege
# use, consider restricting `btrbk` the same way and pinning the uid; the
# journal itself still records every entry.
filters = ''
pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\)
pam_unix\(sudo:session\): session closed for user root
# yodaTux. If the user `yoda` runs a command with `sudo`.
\s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+
# yodaNas. If the btrbk service is run.
\s+btrbk : PWD=/ ; USER=root ; COMMAND=/.+
\s+root : PWD=(/|/root) ; USER=root ; COMMAND=(/run/current-system/sw|/nix/store/[a-z0-9]+-btrfs-progs-[0-9\.]+)/bin/btrfs (subvolume list|subvolume show|subvolume delete|send|receive) .+
\s+root : PWD=(/|/root) ; USER=root ; COMMAND=(/run/current-system/sw|/nix/store/[a-z0-9]+-coreutils-[0-9\.]+)/bin/readlink -v -e .+
'';
match = "SYSLOG_IDENTIFIER = sudo";
}
{ # yodaYoga
# Filters the "switching to system configuration" and "finished switching"
# notices for store paths ending in a `<n>.<n>pre-git` version suffix.
filters = ''
(finished )?switching to system configuration /nix/store/.+-nixos-system-.+-[0-9]+\.[0-9]+pre-git
'';
match = "SYSLOG_IDENTIFIER = nixos";
}
{ # yodaTux
# Filters every message logged under the gdm-x-session identifier (`.*`).
# NOTE(review): this is a blanket filter, so errors under this tag are dropped
# from the report along with the noise. SYSLOG_IDENTIFIER is supplied by the
# logging client rather than assigned by journald (unlike `_`-prefixed fields
# such as _SYSTEMD_UNIT), so the filter covers any entry carrying this tag.
filters = ''
.*
'';
match = "SYSLOG_IDENTIFIER = //nix/store/.+/libexec/gdm-x-session/";
}
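{
# Kernel-message filters: a common pattern list, followed by one host-specific
# list chosen by config.networking.hostName (yodaHedgehog, yodaYoga, yodaTux
# or yodaNas; any other host name appends the empty string).
# The first pattern filters firewall "refused connection" records for TCP SYN
# packets, so connection attempts to closed ports do not appear in the report;
# the journal itself still holds them.
# NOTE(review): in the yodaHedgehog list, the stack-trace patterns include
# generic framing lines ("cut here", "Modules linked in:", register dumps,
# "Call Trace:", "end trace"). Those are filtered for any kernel warning on
# that host. The `i915 ... drm_WARN_ON`, `WARNING: ... vlv_suspend.c` and
# `RIP: ... vlv_suspend_complete` patterns are specific to the i915 trace.
# The "Optimal transfer size" pattern escapes the parentheses around the block
# size and accepts more than one digit; written as a bare group with a single
# [0-9], it could not match the parenthesised byte count in the logged text.
filters = (''
# Somebody evil iterating through different ports
refused connection: IN=\S+ OUT= MAC=\S+ SRC=\S+ DST=\S+ LEN=\S+ .+ PROTO=TCP SPT=[0-9]+ DPT=[0-9]+ WINDOW=[0-9]+ RES=0x00 SYN URGP=0\s+
# Ignore.
systemd\[[0-9]\]: memfd_create\(\) called without MFD_EXEC or MFD_NOEXEC_SEAL set
# Ignore.
Unknown kernel command line parameters "ip=dhcp", will be passed to user space.
# Ignore.
random: crng reseeded on system resumption
random: crng init done
# Ignore.
BTRFS warning \(device dm-[0-9]+\): skipping scrub of block group [0-9]+ due to active swapfile
# Ignore.
ata[0-9]\.00: Entering standby power mode
ata[0-9]\.00: Entering active power mode
#
# yodaTux
#
# Ignore.
audit: type=2000 audit\([0-9]+\.[0-9]+:[0-9]+\): state=initialized audit_enabled=0 res=1
ENERGY_PERF_BIAS: Set to 'normal', was 'performance'
Kernel command line: initrd=\S+ init=\S+ ip=dhcp mds=full,nosmt loglevel=[0-9]
Kernel command line: initrd=\S+ init=\S+ ip=dhcp loglevel=[0-9]
# Linux version 6.1.61 (nixbld@localhost) (gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.40) #1-NixOS SMP PREEMPT_DYNAMIC Thu Nov 2 08:35:33 UTC 2023
Linux version \S+ \(nixbld@localhost\) \(gcc \(GCC\) \S+, GNU ld \(GNU Binutils\) \S+\) #1-NixOS SMP PREEMPT_DYNAMIC \S+ \S+\s+\S+ \S+ UTC \S+
sd [0-9]:0:0:0: \[sd[a-z]\] [0-9]+ 512-byte logical blocks: \(\S+ (GB|TB)/\S+ (GiB|TiB)\)
sd [0-9]:0:0:0: \[sd[a-z]\] [0-9]+-byte physical blocks
sd [0-9]:0:0:0: \[sd[a-z]\] Write Protect is off
sd [0-9]:0:0:0: \[sd[a-z]\] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sd [0-9]:0:0:0: \[sd[a-z]\] Optimal transfer size [0-9]+ bytes not a multiple of preferred minimum block size \([0-9]+ bytes\)
sd [0-9]:0:0:0: \[sd[a-z]\] Attached SCSI (removable )?disk
sd [0-9]:0:0:0: \[sd[a-z]\] Starting disk
sd [0-9]:0:0:0: \[sd[a-z]\] Stopping disk
sd [0-9]:0:0:0: \[sd[a-z]\] Synchronizing SCSI cache
sd [0-9]:0:0:0: \[sd[a-z]\] supports TCG Opal
\#3
#
# yodaTab
#
# Ignore.
mmc0: cannot verify signal voltage switch
Initialise system trusted keyrings
Key type asymmetric registered
Asymmetric key parser 'x509' registered
Loading compiled-in X\.509 certificates
Key type \.fscrypt registered
Key type fscrypt-provisioning registered
Key type encrypted registered
Bridge firewalling registered
SCSI subsystem initialized
scsi [0-9]:0:0:0: Direct-Access\s+ATA.+PQ: 0 ANSI: 5
scsi [0-9]:0:0:0: Direct-Access.+PQ: 0 ANSI: 6
thinkpad_acpi: Disabling thinkpad-acpi brightness events by default\.\.\.
VFS: Disk quotas dquot_[0-9]+\.[0-9]+\.[0-9]+
ata1\.00: supports DRM functions and may not be fully accessible
#
done\.
'' + (if (config.networking.hostName == "yodaHedgehog") then ''
#
# Not sure about this.
#
hpet: number irqs doesn't agree with number of timers
gpio gpiochip0: \(INT0002 Virtual GPIO\): not an immutable chip, please consider fixing it!
at24 0-0050: supply vcc not found, using dummy regulator
intel-spi: probe of intel-spi failed with error -22
#
# Ignore.
#
perf: interrupt took too long \([0-9]+ > [0-9]+\), lowering kernel\.perf_event_max_sample_rate to [0-9]+
ACPI BIOS Warning \(bug\): .*
ata[0-9]: link is slow to respond, please be patient \(ready=0\)
# Not sure about this.
ata4\.00: qc timeout after 10000 msecs \(cmd 0x40\)
ata4\.00: VERIFY failed \(err_mask=0x4\)
ata4\.00: failed to IDENTIFY \(I/O error, err_mask=0x40\)
ata4\.00: revalidation failed \(errno=-5\)
#
# Ignore very frequent kernel stack traces
#
------------\[ cut here \]------------
i915 0000:00:02\.0: drm_WARN_ON\(\(intel_uncore_read\(&dev_priv->uncore, \(\(const i915_reg_t\){ \.reg = \(0x130090\) }\)\) & mask\) != mask\)
WARNING: CPU: [0-9]+ PID: [0-9]+ at drivers/gpu/drm/i915/vlv_suspend\.c:.*
Modules linked in:( \S+)+ ?
( dmi_sysfs| efivarfs| nfnetlink| configfs| efi_pstore| ip_tables| x_tables| autofs4| dm_crypt| cbc| irqbypass| drivetemp| drm| fuse| deflate){5}( \S+)+
CPU: [0-9]+ PID: [0-9]+ Comm: kworker/\S+ Tainted: G W [0-9]+\.[0-9]+\.[0-9]+ #1-NixOS
CPU: [0-9]+ PID: [0-9]+ Comm: kworker/\S+ Not tainted [0-9]+\.[0-9]+\.[0-9]+ #1-NixOS
Hardware name: To Be Filled By O\.E\.M\. To Be Filled By O\.E\.M\./N3150-ITX, BIOS P1\.10 05/20/2015
Workqueue: pm pm_runtime_work
Workqueue: events_unbound async_run_entry_fn
RIP: .*:vlv_suspend_complete\+0x[0-9abcdef]+/0x[0-9abcdef]+ \[i915\]
Code: 8b 7b 08 4c 8b 67 50 4d 85 e4 74 25 e8 ([0-9a-f][0-9a-f] )+<0f> 0b e9 [0-9a-f][0-9a-f] f9 ff ff 4c 8b 27 eb d6( [0-9a-f][0-9a-f])+
RSP: [0-9]+:[0-9a-f]+ EFLAGS: [0-9a-f]+
RAX: 0000000000000000 RBX: [0-9a-f]+ RCX: [0-9a-f]+
RDX: [0-9a-f]+ RSI: [0-9a-f]+ RDI: [0-9a-f]+
RBP: [0-9a-f]+ R08: [0-9a-f]+ R09: [0-9a-f]+
R10: [0-9a-f]+ R11: [0-9a-f]+ R12: [0-9a-f]+
R13: [0-9a-f]+ R14: [0-9a-f]+ R15: [0-9a-f]+
FS: 0000000000000000\(0000\) GS:[0-9a-f]+\(0000\) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: [0-9a-f]+ CR3: [0-9a-f]+ CR4: [0-9a-f]+
Call Trace:
<TASK>
\? \S+\+0x[0-9abcdef]+/0x[0-9abcdef]+( \[i915\])?
(intel_runtime_suspend|pci_pm_runtime_suspend|__rpm_callback|rpm_callback|rpm_suspend|pm_runtime_work|process_one_work|worker_thread|kthread|ret_from_fork|ret_from_fork_asm|async_run_entry_fn|async_suspend_late|__device_suspend_late|dpm_run_callback|i915_drm_suspend_late)\+0x[0-9abcdef]+/0x[0-9abcdef]+( \[i915\])?
</TASK>
---\[ end trace 0000000000000000 \]---
'' else if (config.networking.hostName == "yodaYoga") then ''
# Ignore BIOS bug.
ACPI: \[Firmware Bug\]: .*
ACPI BIOS Error \(bug\): .*
ACPI Error: .*
ACPI Warning: .*
# Ignore.
usb: port power management may be unreliable
'' else if (config.networking.hostName == "yodaTux") then ''
# Ignore BIOS bug.
ACPI: FW issue: working around C-state latencies out of order
# Kernel WiFi driver bug.
#iwlwifi 0000:01:00\.0: .*
iwlwifi 0000:01:00\.0: Unhandled alg: 0x707
iwlwifi 0000:01:00\.0: Not associated and the session protection is over already...
iwlwifi 0000:01:00\.0: api flags index 2 larger than supported by driver
'' else if (config.networking.hostName == "yodaNas") then ''
# Probably safe to ignore.
resource: resource sanity check: requesting \[mem 0x[0-9a-f]+-0x[0-9a-f]+\], which spans more than Reserved \[mem 0x[0-9a-f]+-0x[0-9a-f]+\]
# Ingore: Probably just copying of boot graphics (.bmp) failed. https://patchwork.kernel.org/project/linux-fbdev/patch/20180617153235.16219-3-hdegoede@redhat.com/
efifb: Ignoring BGRT: unexpected or invalid BMP data
# Not sure about this.
i915 0000:00:02\.0: \[drm\] \[ENCODER:.*\] is disabled/in DSI mode with an ungated DDI clock, gate it
# Not sure about this. Probably BIOS related.
# https://wiki.archlinux.org/title/improving_performance#Enabling_PCI_resizable_BAR
caller (pmc_core_probe|get_primary_reg_base)\+0x\S+ \[intel_pmc_core\] mapping multiple BARs
'' else ""));
match = "SYSLOG_IDENTIFIER = kernel";
}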
{ # yodaTux
# Filters every message logged under the simple-scan identifier (`.*`).
# This is a blanket filter keyed on a client-supplied tag; nothing logged
# under it reaches the report.
filters = ''
.*
'';
match = "SYSLOG_IDENTIFIER = simple-scan";
}
#
# _SYSTEMD_USER_UNIT
#
{ # yodaTux
# Filters every message (`.*`) from the listed user units: org.gnome.*
# services, pipewire, wireplumber and the GNOME Software app scope.
# Blanket filter: errors from these units are dropped from the report together
# with routine output.
filters = ''
.*
'';
match = "_SYSTEMD_USER_UNIT = /(org\\.gnome\\..+\\.service|pipewire\\.service|wireplumber\\.service|app-gnome-org\\.gnome\\.Software-[0-9]+\\.scope)/";
}
{ # yodaTux, yodaTab
# Filters two routine messages from the user-session D-Bus service: the
# "Setting AttentionNeeded to FALSE" credentials notice and the Tracker3 miner
# connection notice. The spelling "succeded" is part of the pattern and must
# stay as it is to match the logged text.
filters = ''
.+ Setting AttentionNeeded to FALSE because EnsureCredentials\(\) succeded
Connecting to org\.freedesktop\.Tracker3\.Miner\.Files
'';
match = "_SYSTEMD_USER_UNIT = dbus.service";
}
];
};
}