authorHendrik Jäger <gitcommit@henk.geekmail.org>2024-09-28 23:17:41 +0200
committerHendrik Jäger <gitcommit@henk.geekmail.org>2024-09-28 23:17:41 +0200
commit49807c755a38b97c4f5a9e5e0b2e64e3170bdd7a (patch)
tree9dcd22e8e3d350f2d5d0f10af045a5d91a218926
parentce3dfbe0d70181102a628582549894fa1adc227f (diff)
update rules
-rw-r--r--files/etc/logcheck/ignore.d.server/local-auditd5
-rw-r--r--files/etc/logcheck/ignore.d.server/local-dnsmasq13
-rw-r--r--files/etc/logcheck/ignore.d.server/local-haveged2
-rw-r--r--files/etc/logcheck/ignore.d.server/local-kernel1
-rw-r--r--files/etc/logcheck/ignore.d.server/local-smart4
-rw-r--r--files/etc/logcheck/ignore.d.server/local-unbound1
6 files changed, 21 insertions, 5 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-auditd b/files/etc/logcheck/ignore.d.server/local-auditd
index 42a4349..95427e1 100644
--- a/files/etc/logcheck/ignore.d.server/local-auditd
+++ b/files/etc/logcheck/ignore.d.server/local-auditd
@@ -24,10 +24,13 @@
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=ANOM_PROMISCUOUS msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): dev=[[:alnum:].]+ prom=[[:digit:]]+ old_prom=[[:digit:]]+ auid=[[:digit:]]+ uid=[[:digit:]]+ gid=[[:digit:]]+ ses=[[:digit:]]+([^[:alpha:]]+AUID="[[:alnum:]]+" UID="root" GID="root")?$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=BPF msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): prog-id=[[:digit:]]+ op=LOAD$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=BPF msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): prog-id=[[:digit:]]+ op=UNLOAD$
+^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=CONFIG_CHANGE msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): op=set (audit_pid|audit_backlog_limit|audit_failure|audit_backlog_wait_time)=[[:digit:]]+ old=[[:digit:]]+ auid=0 ses=[[:digit:]]+ subj=unconfined res=[[:digit:]]+[^[:alpha:]]+AUID="root"$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=CRED_ACQ msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj==?unconfined msg='op=PAM:setcred grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]+" hostname=[[:alnum:]:.?]+ addr=[[:xdigit:]:.?]+ terminal=[^[:space:]]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]@_-]+")?$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=CRED_DISP msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj==?unconfined msg='op=PAM:setcred grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]+" hostname=[[:alnum:]:.?]+ addr=[[:xdigit:]:.?]+ terminal=[^[:space:]]+ res=success'([^[:alpha:]]+UID="[[:alnum:]]+" AUID="[[:alnum:]@_-]+")?$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=CRED_REFR msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj==?unconfined msg='op=PAM:setcred grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]+" hostname=[[:alnum:]:.?]+ addr=[[:xdigit:]:.?]+ terminal=[^[:space:]]+ res=success'([^[:alpha:]]+UID="[[:alnum:]]+" AUID="[[:alnum:]@_-]+")?$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=CWD msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): cwd="/root"$
+^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=DAEMON_END msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): op=terminate auid=0 uid=0 ses=[[:digit:]]+ pid=[[:digit:]]+ subj=unconfined res=success[^[:alpha:]]+UID="root"$
+^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=DAEMON_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): op=start ver=[[:digit:].]+ format=enriched kernel=[[:alnum:].-]+ auid=0 pid=[[:digit:]]+ uid=0 ses=[[:digit:]]+ subj=unconfined +res=success[^[:alpha:]]+AUID="root" UID="root"$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=LOGIN msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ subj==?unconfined old-auid=[[:digit:]]+ auid=[[:digit:]]+ tty=\(none\) old-ses=[[:digit:]]+ ses=[[:digit:]]+ res=1([^[:alpha:]]+UID="root" OLD-AUID="[[:alpha:]]+" AUID="[[:alnum:]@_-]+")?$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=NETFILTER_CFG msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): table=filter:[[:digit:]]+ family=1 entries=[[:digit:]]+ op=nft_register_chain pid=[[:digit:]]+ subj=unconfined comm="nft"$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=NETFILTER_CFG msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): table=filter:[[:digit:]]+ family=1 entries=[[:digit:]]+ op=nft_unregister_table pid=[[:digit:]]+ subj=unconfined comm="nft"$
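Review bot: The added CONFIG_CHANGE rule filters every `op=set` on `audit_pid` and `audit_failure` whatever the new value or `res` is. Together with the new DAEMON_END rule, this means a stop or reconfiguration of auditd outside a planned restart no longer reaches the logcheck report. An operator normally wants to see audit collection being stopped or its failure mode changed, so I would keep only the tuning knobs in the alternation, `(audit_backlog_limit|audit_backlog_wait_time)`, and leave `audit_pid`, `audit_failure` and `type=DAEMON_END` unfiltered. If the restart noise has to be suppressed, pin the values seen on a normal restart instead of `[[:digit:]]+`. The same concern applies to the `audit: type=1305` rule added in local-kernel, which accepts `audit_enabled=[[:digit:]]+` from any `auid`.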
@@ -38,7 +41,7 @@
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=PROCTITLE msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): proctitle=[[:xdigit:]]+$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=SERVICE_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj==?unconfined msg='unit=[[:alnum:]@_-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=[^[:space:]]+ res=success'[^[:alpha:]]+UID="root" AUID="unset"$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=SERVICE_STOP msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj==?unconfined msg='unit=[[:alnum:]@_-]+ comm="systemd" exe="/usr/lib/systemd/systemd" hostname=\? addr=\? terminal=[^[:space:]]+ res=success'[^[:alpha:]]+UID="root" AUID="unset"$
-^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=SYSCALL msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): arch=[[:xdigit:]]+ syscall=[[:digit:]]+ success=yes exit=[[:digit:]]+ a0=[[:xdigit:]]+ a1=[[:xdigit:]]+ a2=[[:xdigit:]]+ a3=[[:xdigit:]]+ items=[[:digit:]]+ ppid=[[:digit:]]+ pid=[[:digit:]]+ auid=[[:digit:]]+ uid=[[:digit:]]+ gid=[[:digit:]]+ euid=[[:digit:]]+ suid=[[:digit:]]+ fsuid=[[:digit:]]+ egid=[[:digit:]]+ sgid=[[:digit:]]+ fsgid=[[:digit:]]+ tty=(\(none\)|pts0) ses=[[:digit:]]+ comm="[[:alnum:]]+" exe="[[:alnum:]/]+" subj=unconfined key=\(null\)[^[:alpha:]]+ARCH=x86_64 SYSCALL=(write|ioctl|sendmsg) AUID="[[:alnum:]_]+" UID="[[:alnum:]]+" GID="[[:alnum:]]+" EUID="[[:alnum:]]+" SUID="[[:alnum:]]+" FSUID="[[:alnum:]]+" EGID="[[:alnum:]]+" SGID="[[:alnum:]]+" FSGID="[[:alnum:]]+"$
+^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=SYSCALL msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): arch=[[:xdigit:]]+ syscall=[[:digit:]]+ success=yes exit=[[:digit:]]+ a0=[[:xdigit:]]+ a1=[[:xdigit:]]+ a2=[[:xdigit:]]+ a3=[[:xdigit:]]+ items=[[:digit:]]+ ppid=[[:digit:]]+ pid=[[:digit:]]+ auid=[[:digit:]]+ uid=[[:digit:]]+ gid=[[:digit:]]+ euid=[[:digit:]]+ suid=[[:digit:]]+ fsuid=[[:digit:]]+ egid=[[:digit:]]+ sgid=[[:digit:]]+ fsgid=[[:digit:]]+ tty=(\(none\)|pts[[:digit:]]+) ses=[[:digit:]]+ comm="[[:alnum:]]+" exe="[[:alnum:]/]+" subj=unconfined key=\(null\)[^[:alpha:]]+ARCH=x86_64 SYSCALL=(write|ioctl|sendmsg|sendto) AUID="[[:alnum:]_]+" UID="[[:alnum:]]+" GID="[[:alnum:]]+" EUID="[[:alnum:]]+" SUID="[[:alnum:]]+" FSUID="[[:alnum:]]+" EGID="[[:alnum:]]+" SGID="[[:alnum:]]+" FSGID="[[:alnum:]]+"$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=UNKNOWN\[[[:digit:]]+\] msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): module=crypt op=ctr ppid=[[:digit:]]+ pid=[[:digit:]]+ auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=[[:digit:]]+ comm="cryptsetup" exe="/usr/sbin/cryptsetup" subj=unconfined dev=[[:digit:]:]+ error_msg='success' res=1AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=USER_ACCT msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj==?unconfined msg='op=PAM:accounting grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_*-]+" exe="[^"]+" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[^[:space:]]+ res=success'([^[:alpha:]]+UID="[[:alnum:]]+" AUID="[[:alnum:]]+")?$
^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?type=USER_AUTH msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj==?unconfined msg='op=PAM:authentication grantors=(\?|pam_[[:alnum:]]+,?)+ acct="?[[:alnum:]?"?'$#%^~&,.;:!+=@_*\(\)\{\}-]*"? exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[^[:space:]]+ res=(failed|success)'([^[:alpha:]]+UID="root" AUID="[[:alnum:]]+")?$
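Review bot: With `tty=(\(none\)|pts[[:digit:]]+)` and `sendto` added, the SYSCALL rule now suppresses successful write/ioctl/sendmsg/sendto records from any pty, any user and any `exe="[[:alnum:]/]+"`. That is considerably wider than the single `pts0` case it replaces. If the records being silenced come from a known set of programs, restricting `exe=` to those paths, e.g. `exe="/usr/sbin/EXAMPLE_BINARY"` (placeholder, the actual binaries are not visible here), would keep the noise reduction without hiding the same record types from unexpected executables. A `#` comment line above the rule naming the event that produces these records would also help the next reviewer judge whether the pattern is still needed.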
diff --git a/files/etc/logcheck/ignore.d.server/local-dnsmasq b/files/etc/logcheck/ignore.d.server/local-dnsmasq
index a19ea76..90faad4 100644
--- a/files/etc/logcheck/ignore.d.server/local-dnsmasq
+++ b/files/etc/logcheck/ignore.d.server/local-dnsmasq
@@ -5,8 +5,17 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: DHCPREPLY\([[:alnum:]-]+\) [[:xdigit:]:]+ [[:xdigit:]:]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: DHCP, sockets bound exclusively to interface [[:alnum:]]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: DHCPSOLICIT\([[:alnum:]-]+\) [[:xdigit:]:]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: DHCP, static leases only on [[:digit:].]+, lease time 1h$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: DHCPv6, IP range [[:xdigit:]:]+ -- [[:xdigit:]:]+, lease time 1d, constructed for [[:alnum:]-]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: DHCPv6, IP range ::[[:xdigit:]]+ -- ::[[:xdigit:]]+, lease time 1d, template for [[:alnum:]-]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: IPv6 router advertisement enabled$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: router advertisement on [[:alnum:]-]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: router advertisement on [[:xdigit:]:]+, constructed for [[:alnum:]-]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: RTR-ADVERT\([[:alnum:]-]+\) [[:xdigit:]:]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: RTR-SOLICIT\([[:alnum:]-]+\) [[:xdigit:]:]+$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: started, version 2\.85 cachesize 150$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset( nftset)? auth cryptohash DNSSEC loop-detect inotify dumpfile$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: exiting on receipt of SIGTERM$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: read /etc/hosts - [[:digit:]]+ names$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: started, version [[:digit:].]+ cachesize 150$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: using nameserver [[:xdigit:].:]+#53$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dnsmasq-tftp\[[[:digit:]]+\]: TFTP root is [^[:space:]]+$
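Review bot: The new `dnsmasq-tftp` rule on the last line of the hunk accepts any path, `TFTP root is [^[:space:]]+`, so a changed TFTP root would be filtered just like the expected one. The neighbouring rules already pin deployment values (`lease time 1h`, `cachesize 150`), so I would pin the root as well, e.g. `TFTP root is /PATH/TO/TFTPROOT$` with the configured directory (placeholder, the real path is not shown in this diff). Separately, `exiting on receipt of SIGTERM` is now ignored unconditionally, which suits planned restarts but also hides an unexpected stop of the DNS/DHCP service. A `#` comment recording that this is intentional would be worth adding.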
diff --git a/files/etc/logcheck/ignore.d.server/local-haveged b/files/etc/logcheck/ignore.d.server/local-haveged
new file mode 100644
index 0000000..c3e1baf
--- /dev/null
+++ b/files/etc/logcheck/ignore.d.server/local-haveged
@@ -0,0 +1,2 @@
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ haveged: haveged starting up$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ haveged: haveged: Stopping due to signal 15$
diff --git a/files/etc/logcheck/ignore.d.server/local-kernel b/files/etc/logcheck/ignore.d.server/local-kernel
index c677840..dc2d532 100644
--- a/files/etc/logcheck/ignore.d.server/local-kernel
+++ b/files/etc/logcheck/ignore.d.server/local-kernel
@@ -137,6 +137,7 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? ath: Regpair used: 0x3a$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? ATOM BIOS: ATI$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? audit: initializing netlink subsys \(disabled\)$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? audit: type=1305 audit\([[:digit:].:]+\): op=set (audit_pid|audit_enabled)=[[:digit:]]+ old=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj=unconfined res=[[:digit:]]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? audit: type=1400 audit\([[:digit:].:]+\): apparmor="STATUS" operation="profile_load" profile="unconfined" .*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? audit: type=2000 audit\([[:digit:].:]+\): state=initialized audit_enabled=0 res=1$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? AVX2 version of gcm_enc/dec engaged.$
diff --git a/files/etc/logcheck/ignore.d.server/local-smart b/files/etc/logcheck/ignore.d.server/local-smart
index 51039cb..dad8e6e 100644
--- a/files/etc/logcheck/ignore.d.server/local-smart
+++ b/files/etc/logcheck/ignore.d.server/local-smart
@@ -1,7 +1,7 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Configuration file /etc/smartd.conf was parsed, found DEVICESCAN, scanning devices$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Copyright \(C\) [[:digit:]-]+, .*, www\.smartmontools\.org$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[[:alnum:]]+ \[SAT\], found in smartd database: .*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[[:alnum:]]+ \[SAT\], [^,]+, S/N:[[:alnum:]]+,( WWN:[[:alnum:]-]+,)? FW:[[:alnum:].]+, [[:digit:].]+ [GT]B$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[[:alnum:]]+ \[SAT\], found in smartd database.*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[[:alnum:]]+ \[SAT\], [^,]+, S/N:[[:alnum:]-]+,( WWN:[[:xdigit:]-]+,)? FW:[[:alnum:].]+, [[:digit:].]+ [GT]B$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[[:alnum:]]+, type changed from 'scsi' to 'sat'$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Drive: DEVICESCAN, implied '-a' Directive on line 21 of file /etc/smartd.conf$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Monitoring [[:digit:]]+ ATA/SATA, [[:digit:]]+ SCSI/SAS and [[:digit:]]+ NVMe devices$
diff --git a/files/etc/logcheck/ignore.d.server/local-unbound b/files/etc/logcheck/ignore.d.server/local-unbound
index 0bbbe48..9b8330b 100644
--- a/files/etc/logcheck/ignore.d.server/local-unbound
+++ b/files/etc/logcheck/ignore.d.server/local-unbound
@@ -4,6 +4,7 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ unbound: \[[[:digit:]]+:0\] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting#
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ unbound: \[[[:digit:]]+:0\] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ unbound: \[[[:digit:]]+:0\] notice: init module 0: subnet$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ unbound: \[[[:digit:]]+:0\] notice: init module 0: subnetcache$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ unbound: \[[[:digit:]]+:0\] notice: init module 1: validator$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ unbound: \[[[:digit:]]+:0\] notice: init module 2: iterator$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ unbound: \[[[:digit:]]+:0\] info: start of service \(unbound [[:digit:].]+\)\.$