journalwatch config

2024-11-21 22:03:19 +01:00 · 2024-09-23 14:12:10 +02:00 · 2024-09-23 14:12:10 +02:00 · 310d3a8709
commit 310d3a8709
parent b2ff38d7f4
1 changed files with 17 additions and 4 deletions
--- a/modules/journalwatch.nix
+++ b/modules/journalwatch.nix
@ -179,7 +179,7 @@
          # 1.1.1.1 - my-username 28/Sep/2023:21:11:48 +0000 "GET /ocs/v2.php" 304
          # 1.1.1.1 -  28/Sep/2023:21:13:10 +0000 "GET /ocs/v2.php" 304
          [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|HEAD|OPTIONS|PATCH|POST|PROPFIND|PUT) /(index|status)\.php" (200|201|204|206|302|303|304|400|401|403|404|405|409|412|422|423|500)
-          [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|HEAD|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPPATCH|PROPFIND|PUT|REPORT|SEARCH) /remote\.php" (200|201|204|206|207|400|401|404|405|409|412|415|416|423|500|501)
+          [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(COPY|DELETE|GET|HEAD|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPPATCH|PROPFIND|PUT|REPORT|SEARCH) /remote\.php" (200|201|204|206|207|400|401|404|405|409|412|415|416|423|500|501)
          [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|PATCH|POST|PUT) /ocs/(v1|v2)\.php" (200|201|202|204|304|401|403|404|412|500)
          [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(GET|HEAD) /(ocm|ocs)-provider/index\.php" 200
          [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|MKCOL|MOVE|PROPFIND|PUT) /public\.php" (200|201|204|207|401|403|404)
@ -324,9 +324,19 @@
        match = "_SYSTEMD_UNIT = netcup-dns.service";
      }

+      { # yodaNas
+        filters = ''
+          \[\S+ \S+\] \[NOTICE\] Server with the lowest initial latency: \S+ \(rtt: [0-9]+ms\)
+          \[\S+ \S+\] \[NOTICE\] -\s+[0-9]+ms \S+
+          \[\S+ \S+\] \[NOTICE\] Anonymizing queries for \[\S+\] via \[\S+\]
+        '';
+        match = "_SYSTEMD_UNIT = dnscrypt-proxy2.service";
+      }
+
      { # yodaNas
        filters = ''
          pam_unix\(sudo:session\): session opened for user root\(uid=0\) by \(uid=994\)
+          pam_unix\(sudo:session\): session closed for user root
          -+
          Backup Summary \(btrbk command line client, version \S+\)
          \s+Date:\s+\S+ \S+ \S+ \S+ \S+
@ -354,12 +364,13 @@
          info: OpenSMTPD \S+-portable starting
          \S+ smtp connected address=local host=${config.networking.hostName}
          \S+ smtp message msgid=\S+ size=\S+ nrcpt=1 proto=ESMTP
-          \S+ smtp envelope evpid=6942f031b936b01f from=\S+ to=\S+
+          \S+ smtp envelope evpid=[0-9a-c]+ from=<langbein@mail.de> to=\S+
          \S+ smtp disconnected reason=quit
          \S+ mta connecting address=smtps://\S+ host=\S+
          \S+ mta connected
          \S+ mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
-          \S+ mta cert-check result=\\"valid\\" fingerprint=\S+
+          #\S+ mta cert-check result=\\"valid\\" fingerprint=\S+
+          \S+ mta cert-check result="valid" fingerprint="SHA256:[0-9a-c]+"
          \S+ mta delivery evpid=\S+ from=\S+ to=\S+ rcpt=<-> source=\S+ relay="\S+ \(\S+\)" delay=\S+ result="Ok" stat="250 2.0.0 Ok: queued as \S+"
          \S+ mta disconnected reason=quit messages=1
          Exiting
@ -377,7 +388,9 @@
          #
          # Somebody evil ...
          #
-          Connection closed by \S+ port 36200 \[preauth\]
+          Disconnected from authenticating user root \S+ port \S+ \[preauth\]
+          Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
+          Connection closed by \S+ port \S+ \[preauth\]
          error: kex_exchange_identification: banner line contains invalid characters
          # error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
          # error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"