journalwatch config

Daniel Langbein 2023-09-30 14:25:11 +02:00
parent 3106ddd183
commit 3161ed8d39
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002


@ -89,7 +89,7 @@
filters = '' filters = ''
.* .*
''; '';
match = "CONTAINER_NAME = docker-compose-btp-proxy-1"; match = "CONTAINER_NAME = /(docker-compose-btp-proxy-1|nc_web_[^_-\s]+)/";
} }
{ # yodaNas { # yodaNas
# TODO: Open issue on GitHub https://github.com/nginx-proxy/nginx-proxy/issues/1256. Maybe set env variable RESOLVERS=1.1.1.1? # TODO: Open issue on GitHub https://github.com/nginx-proxy/nginx-proxy/issues/1256. Maybe set env variable RESOLVERS=1.1.1.1?
@ -107,7 +107,13 @@
filters = '' filters = ''
.* .*
''; '';
match = "IMAGE_NAME = /biketripplanner/digitransit-ui:\S+/"; match = "IMAGE_NAME = /(biketripplanner/digitransit-ui:\S+|thetorproject/snowflake-proxy:\S+)/";
}
{ # yodaYoga
filters = ''
\S+ \S+ [error] \S+: \S+ open\(\) "/usr/share/nginx/html/robots.txt" failed \(2: No such file or directory\), client: \S+, server: localhost, request: "GET /robots.txt HTTP/[^"]+", host: "[^"]+"
'';
match = "IMAGE_NAME = /nginx:\S+/";
} }
{ # yodaNas { # yodaNas
# TODO: logged IP is not the public one, but always 172.24.0.6 # TODO: logged IP is not the public one, but always 172.24.0.6
@ -117,12 +123,14 @@
# 1.1.1.1 - 28/Sep/2023:21:03:39 +0000 "GET /status.php" 200 # 1.1.1.1 - 28/Sep/2023:21:03:39 +0000 "GET /status.php" 200
# 1.1.1.1 - 28/Sep/2023:21:12:16 +0000 "GET /index.php" 200 # 1.1.1.1 - 28/Sep/2023:21:12:16 +0000 "GET /index.php" 200
# 1.1.1.1 - my-username 28/Sep/2023:21:20:16 +0000 "DELETE /index.php" 200 # 1.1.1.1 - my-username 28/Sep/2023:21:20:16 +0000 "DELETE /index.php" 200
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|PATCH|POST) /(index|status)\.php" (200|304) [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|PATCH|POST|PUT) /(index|status)\.php" (200|302|303|304|405)
# 1.1.1.1 - my-username 28/Sep/2023:21:10:18 +0000 "PROPFIND /remote\.php" 207 # 1.1.1.1 - my-username 28/Sep/2023:21:10:18 +0000 "PROPFIND /remote\.php" 207
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|HEAD|MKCOL|MOVE|OPTIONS|PROPFIND|PUT|REPORT) /remote\.php" (200|201|204|207|401|404) [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|HEAD|MKCOL|MOVE|OPTIONS|PROPFIND|PUT|REPORT) /remote\.php" (200|201|204|207|401|404)
# 1.1.1.1 - my-username 28/Sep/2023:21:11:48 +0000 "GET /ocs/v2.php" 304 # 1.1.1.1 - my-username 28/Sep/2023:21:11:48 +0000 "GET /ocs/v2.php" 304
# 1.1.1.1 - 28/Sep/2023:21:13:10 +0000 "GET /ocs/v2.php" 304 # 1.1.1.1 - 28/Sep/2023:21:13:10 +0000 "GET /ocs/v2.php" 304
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "GET /ocs/(v1|v2)\.php" (200|304|404) [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET) /ocs/(v1|v2)\.php" (200|304|404)
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "GET /ocs-provider/index\.php" 200
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "PROPFIND /public\.php" (207|401|404)
''; '';
match = "IMAGE_NAME = p1st/nextcloud:stable-fpm-alpine"; match = "IMAGE_NAME = p1st/nextcloud:stable-fpm-alpine";
} }
@ -165,13 +173,13 @@
} }
{ # yodaYoga { # yodaYoga
filters = '' filters = ''
# Somebody evil trying to connect over SSH ^^
error: kex_exchange_identification: read: Connection reset by peer
# Somebody evil connected with a non-SSH client to the SSH server.
error: kex_exchange_identification: banner line contains invalid characters
# Somebody evil ... # Somebody evil ...
error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1\.1" error: kex_exchange_identification: banner line contains invalid characters
# error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
# error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
error: kex_exchange_identification: client sent invalid protocol identifier "[^"]+"
error: kex_exchange_identification: Connection closed by remote host error: kex_exchange_identification: Connection closed by remote host
error: kex_exchange_identification: read: Connection reset by peer
error: PAM: Authentication failure for \S+ from \S+ error: PAM: Authentication failure for \S+ from \S+
fatal: Timeout before authentication for \S+ port [0-9]+ fatal: Timeout before authentication for \S+ port [0-9]+
''; '';
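Review bot: In the first hunk's new `match` line, the class `[^_-\s]` puts the hyphen between `_` and `\s`, so it is parsed as a range instead of a literal hyphen; Python's `re`, which journalwatch uses, rejects a range that ends in a class escape, so this pattern would likely fail to compile. Moving the hyphen to the end keeps the intent: `nc_web_[^_\s-]+`. If this file is a Nix expression, a double-quoted string also drops the backslash from `\s` and `\S` (unlike the `''` blocks used for `filters`), so the `match` regexes may need `\\s` and `\\S`; this is worth confirming against the generated config. Separately, the last hunk's `client sent invalid protocol identifier "[^"]+"` and the new `PROPFIND /public\.php" (207|401|404)` filter hide every matching line from the digest, so repeated 401s or connection bursts have to be counted somewhere else (for example a rate-based alert) if they are meant to be noticed.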