diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix index c82cdb0..b12c6f6 100644 --- a/modules/journalwatch.nix +++ b/modules/journalwatch.nix @@ -179,7 +179,7 @@ # 1.1.1.1 - my-username 28/Sep/2023:21:11:48 +0000 "GET /ocs/v2.php" 304 # 1.1.1.1 - 28/Sep/2023:21:13:10 +0000 "GET /ocs/v2.php" 304 [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|HEAD|OPTIONS|PATCH|POST|PROPFIND|PUT) /(index|status)\.php" (200|201|204|206|302|303|304|400|401|403|404|405|409|412|422|423|500) - [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|HEAD|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPPATCH|PROPFIND|PUT|REPORT|SEARCH) /remote\.php" (200|201|204|206|207|400|401|404|405|409|412|415|416|423|500|501) + [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(COPY|DELETE|GET|HEAD|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPPATCH|PROPFIND|PUT|REPORT|SEARCH) /remote\.php" (200|201|204|206|207|400|401|404|405|409|412|415|416|423|500|501) [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|PATCH|POST|PUT) /ocs/(v1|v2)\.php" (200|201|202|204|304|401|403|404|412|500) [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(GET|HEAD) /(ocm|ocs)-provider/index\.php" 200 [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|MKCOL|MOVE|PROPFIND|PUT) /public\.php" (200|201|204|207|401|403|404) @@ -324,9 +324,19 @@ match = "_SYSTEMD_UNIT = netcup-dns.service"; } + { # yodaNas + filters = '' + \[\S+ \S+\] \[NOTICE\] Server with the lowest initial latency: \S+ \(rtt: [0-9]+ms\) + \[\S+ \S+\] \[NOTICE\] -\s+[0-9]+ms \S+ + \[\S+ \S+\] \[NOTICE\] Anonymizing queries for \[\S+\] via \[\S+\] + ''; + match = "_SYSTEMD_UNIT = dnscrypt-proxy2.service"; + } + { # yodaNas filters = '' pam_unix\(sudo:session\): session opened for user root\(uid=0\) by \(uid=994\) + pam_unix\(sudo:session\): session closed for user root -+ Backup Summary \(btrbk command line client, version \S+\) \s+Date:\s+\S+ \S+ \S+ \S+ \S+ 
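Review bot: In the yodaNas sudo block of the `-324,9 +324,19` hunk, the added `pam_unix\(sudo:session\): session closed for user root` pattern is not tied to a caller the way the neighbouring `session opened ... by \(uid=994\)` line is, so it suppresses the close record of every root sudo session this block's `match` selects. pam_unix does not print the invoking uid on the close line, so the pattern cannot be narrowed. An unexpected session is then visible only through its `session opened` line, which stays reported for any uid other than 994. I would record that above the pattern, in the `#` style the file already uses inside filter lists, e.g. `# close line carries no caller uid; unexpected sudo use is still reported via its "session opened" line`. The block's `match` lies outside the hunk, so how narrowly it is scoped cannot be checked from here.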
@@ -354,12 +364,13 @@ info: OpenSMTPD \S+-portable starting \S+ smtp connected address=local host=${config.networking.hostName} \S+ smtp message msgid=\S+ size=\S+ nrcpt=1 proto=ESMTP - \S+ smtp envelope evpid=6942f031b936b01f from=\S+ to=\S+ + \S+ smtp envelope evpid=[0-9a-c]+ from= to=\S+ \S+ smtp disconnected reason=quit \S+ mta connecting address=smtps://\S+ host=\S+ \S+ mta connected \S+ mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256 - \S+ mta cert-check result=\\"valid\\" fingerprint=\S+ + #\S+ mta cert-check result=\\"valid\\" fingerprint=\S+ + \S+ mta cert-check result="valid" fingerprint="SHA256:[0-9a-c]+" \S+ mta delivery evpid=\S+ from=\S+ to=\S+ rcpt=<-> source=\S+ relay="\S+ \(\S+\)" delay=\S+ result="Ok" stat="250 2.0.0 Ok: queued as \S+" \S+ mta disconnected reason=quit messages=1 Exiting @@ -377,7 +388,9 @@ # # Somebody evil ... # - Connection closed by \S+ port 36200 \[preauth\] + Disconnected from authenticating user root \S+ port \S+ \[preauth\] + Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\] + Connection closed by \S+ port \S+ \[preauth\] error: kex_exchange_identification: banner line contains invalid characters # error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222" # error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
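Review bot: In the OpenSMTPD hunk (`-354,12 +364,13`) the two new character classes `[0-9a-c]+` stop at `c` and so do not cover hexadecimal; the evpid the removed line hard-coded, `6942f031b936b01f`, contains `f` and would not match the new envelope pattern. Envelope and cert-check lines whose id or fingerprint contains `d`, `e` or `f` will keep appearing in the report, so the filter will seem to work on some days and not on others. If hex was intended, use `evpid=[0-9a-f]+` and `fingerprint="SHA256:[0-9a-f]+"`. The envelope pattern as shown also reads `from= to=\S+`, which would only match an entirely empty sender field, so check it against a real log line. Consider deleting the commented-out `#\S+ mta cert-check ...` line rather than keeping it beside its replacement.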
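Review bot: The three patterns added under `# Somebody evil ...` in the sshd hunk (`-377,7 +388,9`) replace one port-specific line with wildcards that drop every pre-authentication disconnect from the report, including `Disconnected from authenticating user root`. That is reasonable noise reduction only if password guessing against root cannot succeed on this host and some other control still sees these events; neither is visible in this diff. I would state the assumption next to the patterns, e.g. `# preauth noise only; assumes root cannot log in with a password (confirm in sshd config)`, and check that no filter in this block matches `Accepted` lines. Only `root` is named in the first pattern, so attempts against other account names remain reported, which looks intended and is worth keeping that way.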