From 20ff5b3e077fcf979247ad12289fd0fb02b97cca Mon Sep 17 00:00:00 2001
From: Daniel Langbein
Date: Thu, 26 Sep 2024 17:06:04 +0200
Subject: [PATCH] journalwatch config
---
 hosts/yodaGaming/configuration.nix | 2 +-
 hosts/yodaYoga/configuration.nix | 2 +-
 modules/journalwatch.nix | 43 +++++++++++++++++++++++++-----
 3 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/hosts/yodaGaming/configuration.nix b/hosts/yodaGaming/configuration.nix
index c333334..01b4543 100644
--- a/hosts/yodaGaming/configuration.nix
+++ b/hosts/yodaGaming/configuration.nix
@@ -42,7 +42,7 @@ ../../modules/jetbrains-ide.nix ]; - foo = throw "NixOS rebuild boot required to update to 24.05"; + #foo = throw "NixOS rebuild boot required to update to 24.05"; networking.hostName = "yodaGaming"; boot.initrd.luks.devices."luks-root".allowDiscards = true;
diff --git a/hosts/yodaYoga/configuration.nix b/hosts/yodaYoga/configuration.nix
index ca00816..5a9d710 100644
--- a/hosts/yodaYoga/configuration.nix
+++ b/hosts/yodaYoga/configuration.nix
@@ -24,7 +24,7 @@ ../../modules/btrfs-mount-options.nix ]; - foo = throw "NixOS rebuild boot required to update to 24.05"; + #foo = throw "NixOS rebuild boot required to update to 24.05"; networking.hostName = "yodaYoga"; boot.initrd.luks.devices."luks-a8521407-e25b-4f26-8e7a-a56fcbfd2e35".allowDiscards = true;
diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix
index 16d4905..e470e2c 100644
--- a/modules/journalwatch.nix
+++ b/modules/journalwatch.nix
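Review bot: Commenting out `foo = throw "NixOS rebuild boot required to update to 24.05";` leaves dead text in both host configurations (this hunk and the yodaYoga one). The attribute existed only to block a rebuild until the 24.05 switch, so deleting the line outright is cleaner than keeping a commented copy that a later edit may re-enable by accident; if it is kept as a reminder, a short comment such as `# kept for the next release bump; re-enable before upgrading` would explain why it is still there.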
@@ -49,16 +49,19 @@ let
 Unable to negotiate with \S+ port \S+: no matching MAC found. Their offer: \S+ \[preauth\]
 Unable to negotiate with \S+ port \S+: no matching key exchange method found. Their offer: \S+ \[preauth\]
 Invalid user \S+ from \S+ port \S+
+ Disconnected from \S+ port \S+ \[preauth\]
 Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
- Disconnected from authenticating user root \S+ port \S+ \[preauth\]
+ Disconnected from authenticating user (root|yoda) \S+ port \S+ \[preauth\]
 Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
 Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
+ Connection reset by invalid user \S+ \S+ port \S+ \[preauth\
+ Connection reset by authenticating user (root|yoda) \S+ port \S+ \[preauth\]
 Connection reset by \S+ port \S+ \[preauth\]
 Connection reset by \S+ port \S+
 Connection closed by \S+ port \S+
 Connection closed by \S+ port \S+ \[preauth\]
+ Connection closed by authenticating user (root|yoda) \S+ port \S+ \[preauth\]
 Connection closed by invalid user \S+ \S+ port \S+ \[preauth\]
- Connection closed by authenticating user root \S+ port \S+ \[preauth\]
 error: kex_exchange_identification: banner line contains invalid characters
 error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
 error: kex_exchange_identification: Connection closed by remote host
@@ -539,6 +542,7 @@ in { # yodaNas filters = '' + Set \S+ (A|AAAA) record to \S+ \s*The \S+ (A|AAAA) record points already to \S+ ''; match = "_SYSTEMD_UNIT = netcup-dns.service";
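Review bot: The added line `Connection reset by invalid user \S+ \S+ port \S+ \[preauth\` in the `@@ -49` hunk is missing its closing `]`, so the pattern ends in a lone backslash; if journalwatch compiles each filter line with Python's `re`, as it appears to, a trailing backslash is a bad escape and the whole run fails instead of merely missing this one message. The line should read `Connection reset by invalid user \S+ \S+ port \S+ \[preauth\]`. Separately, widening `root` to `(root|yoda)` on the three authenticating-user patterns now hides pre-auth disconnects for a real login name, which is one of the signals of credential guessing against that account; if that is intended, a comment next to those lines explaining why the local user is treated like root would help a later reader decide whether to keep it.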
@@ -555,7 +559,7 @@ in
 }
 { # yodaNas
 filters = ''
- time="[^"]+" level=error msg="\[resolver\] failed to query DNS server: 127.0.0.1:53, query: ;[a-z0-9\.]+\\tIN\\t A" error="read udp 127.0.0.1:[0-9]+->127.0.0.1:53: i/o timeout"
+ time="[^"]+" level=error msg="\[resolver\] failed to query DNS server: 127.0.0.1:53, query: ;[a-z0-9\.-]+\\tIN\\t A" error="read udp 127.0.0.1:[0-9]+->127.0.0.1:53: i/o timeout"
 time="[^"]+" level=info msg="Attempting next endpoint for pull after error: Head "[^"]+": Get "[^"]+": net/http: request canceled while waiting for connection \(Client\.Timeout exceeded while awaiting headers\)"
 '';
 match = "_SYSTEMD_UNIT = docker.service";
@@ -634,9 +638,17 @@ in
 '';
 match = "_SYSTEMD_UNIT = systemd-logind.service";
 }
+ {
+ filters = ''
+ Successful su for root by root
+ pam_unix\(su:session\): session opened for user root\(uid=0\) by root\(uid=0\)
+ pam_unix\(su:session\): session closed for user root
+ '';
+ match = "_SYSTEMD_UNIT = /session-[0-9]+\\.scope/";
+ }
 { # yodaTux, yodaNas
 filters = ''
- \S+\.(service|scope|slice|mount): Consumed [0-9\.]+(s|ms) CPU time(, .+)?\.
+ \S+\.(service|scope|slice|mount): Consumed ([0-9]min )?[0-9\.]+(s|ms) CPU time(, .+)?\.
 #
 Starting \S+\.service\.\.\.
 \S+\.service: Scheduled restart job, restart counter is at 1\.
@@ -650,6 +662,7 @@ in
 Starting Load Kernel Module efi_pstore\.\.\.
 Starting Create SUID/SGID Wrappers\.\.\.
 Starting Update and start Jinja-Compose project\.\.\.
+ Starting Cleanup of Temporary Directories\.\.\.
 Started \S+\.service\.
 Started Logrotate Service\.
 Started User Manager for UID (0|1000)\.
@@ -659,6 +672,7 @@ in
 Finished Spin down inactive HDD \S+\.
 Finished Load Kernel Module efi_pstore\.
 Finished Create SUID/SGID Wrappers\.
+ Finished Cleanup of Temporary Directories\.
 Finished Update and start Jinja-Compose project\.
 Stopping Reactivate sysinit units\.\.\.
 Stopping User Manager for UID (0|1000)\.\.\.
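Review bot: In the `@@ -634` hunk, `Consumed ([0-9]min )?[0-9\.]+(s|ms)` accepts only a single-digit minute count, so a line with ten or more minutes of CPU time still reaches the report; `([0-9]+min )?` covers that without loosening anything else. The new su block suppresses the `opened` line only for root-by-root, while `session closed for user root` carries no originating user and therefore also matches sessions opened by another account; that is acceptable because the corresponding `opened … by <user>` line for such a session is still reported, and a one-line comment saying so (e.g. `# only root->root su is quiet; escalations from other users still surface via the "opened" line`) would make the intent clear to the next reader.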
@@ -668,6 +682,7 @@ in
 Stopped target Reactivate sysinit units\.
 Stopped User Manager for UID (0|1000)\.
 Stopped User Runtime Directory /run/user/(0|1000)\.\.\.
+ Stopped User Runtime Directory /run/user/(0|1000)\.
 Reached target Reactivate sysinit units\.
 Reached target Local File Systems\.
 Reached target Remote File Systems\.
@@ -676,6 +691,7 @@ in
 Reloading finished in [0-9]+ ms\.
 session-[0-9]+\.scope: Deactivated successfully\.
 #
+ (\S+ )+was skipped because no trigger condition checks were met\.
 (\S+ )+was skipped because of an unmet condition check \([^)]+\)\.
 File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
 #
@@ -713,13 +729,25 @@ in
 Created slice User Application Slice\.
 Queued start job for default target Main User Target\.
 pam_unix\(systemd-user:session\): session opened for user root\(uid=0\) by \(uid=0\)
- pam_unix\(systemd-user:session\): session closed for user root
+ pam_unix\(systemd-user:session\): session closed for user (root|yoda)
 Reexecuting requested from client PID [0-9]+ \('systemctl'\)\.\.\.
 Reexecuting\.
- Run \S+ was skipped because of an unmet condition check \([^)]+\)\.
+ Run (\S+ )+was skipped because of an unmet condition check \([^)]+\)\.
 '';
 match = "_SYSTEMD_UNIT = /user@(0|1000)\\.service/";
 }
+ {
+ filters = ''
+ flapped down
+ '';
+ match = "_SYSTEMD_UNIT = smtpd-key.service";
+ }
+ {
+ filters = ''
+ flapped down
+ '';
+ match = "_SYSTEMD_UNIT = netcup-dns-95191.json-key.service";
+ }
 { # yodaTux
 filters = ''
 Acquired the name org\.freedesktop\.PolicyKit1 on the system bus
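Review bot: In the `@@ -713` hunk, `session closed for user (root|yoda)` is widened to the local user while the preceding `session opened for user root\(uid=0\) by \(uid=0\)` line stays root-only, so a yoda user session now reports its open but not its close, which looks unintentional; either widen the opened line as well (assuming yoda is UID 1000, as `(0|1000)` in this block suggests), e.g. `pam_unix\(systemd-user:session\): session opened for user (root\(uid=0\)|yoda\(uid=1000\)) by \(uid=0\)`, or leave both root-only. The two new `flapped down` entries are identical apart from the unit name and could be one entry using the regex match form this file already uses, e.g. `match = "_SYSTEMD_UNIT = /(smtpd|netcup-dns-95191\\.json)-key\\.service/";`, which keeps the two key services from drifting apart later.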
@@ -731,6 +759,7 @@ in
 Registered Authentication Agent for unix-process:[0-9]+:[0-9]+ \(system bus name :[0-9\.]+ \[/run/current-system/sw/bin/pkttyagent --notify-fd 5 --fallback\], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\)
 Operator of unix-process:[0-9]+:[0-9]+ successfully authenticated as unix-user:yoda to gain ONE-SHOT authorization for action org\.freedesktop\.systemd1\.manage-units for system-bus-name::[0-9\.]+ \[systemctl start journalwatch\.service\] \(owned by unix-user:yoda\)
 Unregistered Authentication Agent for unix-process:[0-9]+:[0-9]+ \(system bus name :[0-9\.]+, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) \(disconnected from bus\)
+ Unregistered Authentication Agent for unix-process:unknown \(system bus name :[0-9\.]+, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) \(disconnected from bus\)
 '';
 match = "_SYSTEMD_UNIT = polkit.service";
 }
@@ -817,7 +846,7 @@ in
 {
 filters = (''
 # Somebody evil iterating through different ports
- refused connection: IN=\S+ OUT= MAC=\S+ SRC=\S+ DST=\S+ LEN=\S+ TC=[0-9]+ HOPLIMIT=[0-9]+ FLOWLBL=[0-9]+ PROTO=TCP SPT=[0-9]+ DPT=[0-9]+ WINDOW=[0-9]+ RES=0x00 SYN URGP=0\s+
+ refused connection: IN=\S+ OUT= MAC=\S+ SRC=\S+ DST=\S+ LEN=\S+ .+ PROTO=TCP SPT=[0-9]+ DPT=[0-9]+ WINDOW=[0-9]+ RES=0x00 SYN URGP=0\s+
 # Ignore.
 systemd\[[0-9]\]: memfd_create\(\) called without MFD_EXEC or MFD_NOEXEC_SEAL set
 # Ignore.
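Review bot: In the `@@ -817` hunk, replacing `TC=[0-9]+ HOPLIMIT=[0-9]+ FLOWLBL=[0-9]+` with `.+` makes the refused-connection filter accept any text between `LEN=` and `PROTO=TCP`, so it no longer distinguishes the expected IPv6 header fields from anything else the kernel might put in a reject line. If the goal is to also cover IPv4 entries, an explicit alternation keeps the filter tight, e.g. `(TOS=\S+ PREC=\S+ TTL=[0-9]+ ID=[0-9]+( DF)?|TC=[0-9]+ HOPLIMIT=[0-9]+ FLOWLBL=[0-9]+)`. Because this entry silences firewall rejects wholesale, a narrow pattern is worth the extra characters: an unexpected field in a reject line would then still reach the report. The `filters` string this line belongs to continues past the hunk.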