journalwatch config
parent
17b21b0e74
commit
5204b0310a
@ -183,6 +183,8 @@
|
|||||||
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|PATCH|POST|PUT) /ocs/(v1|v2)\.php" (200|201|202|204|304|401|403|404|412|500)
|
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|PATCH|POST|PUT) /ocs/(v1|v2)\.php" (200|201|202|204|304|401|403|404|412|500)
|
||||||
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(GET|HEAD) /(ocm|ocs)-provider/index\.php" 200
|
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(GET|HEAD) /(ocm|ocs)-provider/index\.php" 200
|
||||||
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|MKCOL|MOVE|PROPFIND|PUT) /public\.php" (200|201|204|207|401|403|404)
|
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|MKCOL|MOVE|PROPFIND|PUT) /public\.php" (200|201|204|207|401|403|404)
|
||||||
|
#
|
||||||
|
crond: USER www-data pid [0-9]+ cmd php -f /var/www/html/cron\.php
|
||||||
'';
|
'';
|
||||||
match = "IMAGE_NAME = /p1st/nextcloud:(25|26|27|stable)-fpm-alpine/";
|
match = "IMAGE_NAME = /p1st/nextcloud:(25|26|27|stable)-fpm-alpine/";
|
||||||
}
|
}
|
||||||
@ -482,6 +484,13 @@
|
|||||||
# _SYSTEMD_UNIT
|
# _SYSTEMD_UNIT
|
||||||
#
|
#
|
||||||
|
|
||||||
|
{ # yodaNas
|
||||||
|
filters = ''
|
||||||
|
.*
|
||||||
|
'';
|
||||||
|
match = "_SYSTEMD_UNIT = /(systemd-logind|syncthing)\\.service/";
|
||||||
|
}
|
||||||
|
|
||||||
{ # yodaNas
|
{ # yodaNas
|
||||||
filters = ''
|
filters = ''
|
||||||
\s*The \S+ (A|AAAA) record points already to \S+
|
\s*The \S+ (A|AAAA) record points already to \S+
|
||||||
@ -545,7 +554,7 @@
|
|||||||
|
|
||||||
{ # yodaYoga, yodaNas
|
{ # yodaYoga, yodaNas
|
||||||
filters = ''
|
filters = ''
|
||||||
Accepted publickey for root from \S+ port \S+ ssh2: RSA SHA256:\S+
|
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
|
||||||
pam_unix\(sshd:session\): session opened for user \S+ by \S+
|
pam_unix\(sshd:session\): session opened for user \S+ by \S+
|
||||||
Received disconnect from \S+ port \S+:11: disconnected by user
|
Received disconnect from \S+ port \S+:11: disconnected by user
|
||||||
Disconnected from user \S+ \S+ port \S+
|
Disconnected from user \S+ \S+ port \S+
|
||||||
@ -673,6 +682,8 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
filters = ''
|
filters = ''
|
||||||
|
pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\)
|
||||||
|
pam_unix\(sudo:session\): session closed for user root
|
||||||
# yodaTux. If the user `yoda` runs a command with `sudo`.
|
# yodaTux. If the user `yoda` runs a command with `sudo`.
|
||||||
\s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+
|
\s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+
|
||||||
# yodaNas. If the btrbk service is run.
|
# yodaNas. If the btrbk service is run.
|
||||||
@ -692,7 +703,30 @@
|
|||||||
filters = ''
|
filters = ''
|
||||||
\S+\.(service|scope|slice|mount): Consumed .+ CPU time, read .+ from disk, written .+ to disk(, .+|\.)
|
\S+\.(service|scope|slice|mount): Consumed .+ CPU time, read .+ from disk, written .+ to disk(, .+|\.)
|
||||||
\S+\.(service|scope|slice|mount): Consumed .+ CPU time(, .+)?, received .+ IP traffic, sent .+ IP traffic\.
|
\S+\.(service|scope|slice|mount): Consumed .+ CPU time(, .+)?, received .+ IP traffic, sent .+ IP traffic\.
|
||||||
\S+\.(service|scope|slice|mount): Consumed .+ CPU time, no IP traffic\.
|
\S+\.(service|scope|slice|mount): Consumed .+ CPU time(, .+)?, no IP traffic\.
|
||||||
|
#
|
||||||
|
.*smtpd-key\.service.*
|
||||||
|
#
|
||||||
|
Starting User Runtime Directory /run/user/(0|1000)\.\.\.
|
||||||
|
Finished User Runtime Directory /run/user/(0|1000)\.
|
||||||
|
Stopping User Runtime Directory /run/user/(0|1000)\.\.\.
|
||||||
|
Starting User Manager for UID (0|1000)\.\.\.
|
||||||
|
Started User Manager for UID (0|1000)\.
|
||||||
|
Stopping User Manager for UID (0|1000)\.\.\.
|
||||||
|
Started Session [0-9]+ of User (root|yoda)\.
|
||||||
|
session-[0-9]+\.scope: Deactivated successfully\.
|
||||||
|
#
|
||||||
|
Starting Load Kernel Module efi_pstore\.\.\.
|
||||||
|
Starting Create SUID/SGID Wrappers\.\.\.
|
||||||
|
Stopped target Reactivate sysinit units\.
|
||||||
|
Stopping Reactivate sysinit units\.\.\.
|
||||||
|
Reached target Reactivate sysinit units\.
|
||||||
|
Reached target Local File Systems\.
|
||||||
|
Reached target Remote File Systems\.
|
||||||
|
Finished Load Kernel Module efi_pstore\.
|
||||||
|
Finished Create SUID/SGID Wrappers\.
|
||||||
|
[a-zA-Z ]+ was skipped because of an unmet condition check \([^\)]+\)\.
|
||||||
|
Update is Completed was skipped because no trigger condition checks were met\.
|
||||||
#
|
#
|
||||||
Starting Takes BTRFS snapshots and maintains retention policies\.\.\.\.
|
Starting Takes BTRFS snapshots and maintains retention policies\.\.\.\.
|
||||||
Finished Takes BTRFS snapshots and maintains retention policies\.\.
|
Finished Takes BTRFS snapshots and maintains retention policies\.\.
|
||||||
@ -714,7 +748,7 @@
|
|||||||
{
|
{
|
||||||
filters = (''
|
filters = (''
|
||||||
# Somebody evil iterating through different ports
|
# Somebody evil iterating through different ports
|
||||||
refused connection: IN=\S+ OUT= MAC=\S+ SRC=\S+ DST=\S+ LEN=\S+ TC=0 HOPLIMIT=255 FLOWLBL=\S+ PROTO=TCP SPT=\S+ DPT=\S+ WINDOW=\S+ RES=0x00 SYN URGP=0
|
refused connection: IN=\S+ OUT= MAC=\S+ SRC=\S+ DST=\S+ LEN=\S+ TC=[0-9]+ HOPLIMIT=[0-9]+ FLOWLBL=[0-9]+ PROTO=TCP SPT=[0-9]+ DPT=[0-9]+ WINDOW=[0-9]+ RES=0x00 SYN URGP=0\s+
|
||||||
# Ignore.
|
# Ignore.
|
||||||
systemd\[[0-9]\]: memfd_create\(\) called without MFD_EXEC or MFD_NOEXEC_SEAL set
|
systemd\[[0-9]\]: memfd_create\(\) called without MFD_EXEC or MFD_NOEXEC_SEAL set
|
||||||
# Ignore.
|
# Ignore.
|
||||||
|
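Review bot: The new yodaNas block pairs the single filter `.*` with `match = "_SYSTEMD_UNIT = /(systemd-logind|syncthing)\\.service/";`, so every message from systemd-logind is dropped from the report, including session lines for accounts other than root or yoda and any error either unit logs. That is broader than the rest of this commit, where `Started Session [0-9]+ of User (root|yoda)\.` and `Accepted publickey for (root|yoda) ...` name the two expected accounts. Listing the routine logind lines instead, for example `New session [0-9]+ of user (root|yoda)\.` and `Removed session [0-9]+\.`, and giving syncthing its own block with its own patterns, would keep an unexpected login visible. The same applies to `.*smtpd-key\.service.*` in the systemd block, which presumably also hides a failed start of that unit; matching only the expected Starting/Finished lines keeps failures in the report. The sshd filter still accepts any source address and any key (`from \S+ ... SHA256:\S+`), so a comment saying that this is intentional would help the next reader.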