journalwatch config

2024-11-21 22:03:19 +01:00 · 2024-09-14 21:54:13 +02:00 · 2024-09-14 21:54:13 +02:00 · 4d1fd9783d
commit 4d1fd9783d
parent 233869cefa
1 changed files with 43 additions and 3 deletions
--- a/modules/journalwatch.nix
+++ b/modules/journalwatch.nix
@ -105,6 +105,12 @@
        '';
        match = "CONTAINER_NAME = nginx-proxy";
      }
+      { # yodaNas
+        filters = ''
+          127.0.0.1 - - \[\S+ \S+\] "GET \S+ \S+" [0-9]+ [0-9]+ "-" "[^"]"
+        '';
+        match = "CONTAINER_NAME = money.p1st.de";
+      }

      #
      # IMAGE_NAME
@ -311,6 +317,38 @@
      # _SYSTEMD_UNIT
      #

+      { # yodaNas
+        filters = ''
+          \s*The \S+ (A|AAAA) record points already to \S+
+        '';
+        match = "_SYSTEMD_UNIT = netcup-dns.service";
+      }
+
+      { # yodaNas
+        filters = ''
+          pam_unix\(sudo:session\): session opened for user root\(uid=0\) by \(uid=994\)
+          -+
+          Backup Summary \(btrbk command line client, version \S+\)
+          \s+Date:\s+\S+ \S+ \S+ \S+ \S+
+          \s+Config: \S+
+          Legend:
+          \s+===  up-to-date subvolume \(source snapshot\)
+          \s+\+\+\+  created subvolume \(source snapshot\)
+          \s+\+\+\+  deleted subvolume
+          \s+\*\*\*  received subvolume \(non-incremental\)
+          \s+>>>  received subvolume \(incremental\)
+          \s+
+          #
+          # BTRFS subvolume paths
+          #
+          /jc-data/\S+
+          /mnt/data/\S+/\S+
+          \+\+\+ /mnt/data/\S+/\S+
+          \+\+\+ /snap/\S+
+        '';
+        match = "_SYSTEMD_UNIT = btrbk-local-snapshot-ssd.service";
+      }
+
      { # yodaHedgehog
        filters = ''
          info: OpenSMTPD \S+-portable starting
@ -332,13 +370,14 @@
      { # yodaYoga, yodaNas
        filters = ''
          Accepted publickey for root from \S+ port \S+ ssh2: RSA SHA256:\S+
-          pam_unix\(sshd:session\): session opened for user root\(uid=0\) by \(uid=0\)
+          pam_unix\(sshd:session\): session opened for user \S+ by \S+
          Received disconnect from \S+ port \S+:11: disconnected by user
-          Disconnected from user root \S+ port \S+
-          pam_unix\(sshd:session\): session closed for user root
+          Disconnected from user \S+ \S+ port \S+
+          pam_unix\(sshd:session\): session closed for user \S+
          #
          # Somebody evil ...
          #
+          Connection closed by \S+ port 36200 \[preauth\]
          error: kex_exchange_identification: banner line contains invalid characters
          # error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
          # error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
@ -472,6 +511,7 @@
          \S+\.(service|scope|slice|mount): Consumed .+ CPU time, no IP traffic\.
          #
          Started Logrotate Service\.
+          logrotate\.service: Deactivated successfully\.
          Shutting down\.
        '';
        match = "SYSLOG_IDENTIFIER = systemd";