webmaster-flw · flamsens · Feb 12, 2020 · Apr 9, 2020 · Apr 14, 2020 · Apr 15, 2020
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 /*
 !/.gitignore
+!/deploy*
 !/ignore.d.server/
 /ignore.d.server/*
 !/ignore.d.server/domino*

diff --git a/deploy.sh b/deploy.sh
@@ -1,22 +1,7 @@
-#!/bin/bash
+#!/bin/sh
 
-HOSTS=(
-    linode2
-    linode2-
-    linode
-    linode-
-    adm
-    waw
-    edyta
-    m81
-    m81-
-)
+set -e
 
-for host in ${HOSTS[*]}; do
-    echo "syncing ${host}"
-    rsync --timeout 5 -av --chown=root:logcheck ignore.d.server/ root@${host}:/etc/logcheck/ignore.d.server
-done
+./test.sh && echo "test done."
 
-# rsync -av --chown=root:logcheck ignore.d.server/ root@linode2:/etc/logcheck/ignore.d.server
-# rsync -av --chown=root:logcheck ignore.d.server/ root@adm:/etc/logcheck/ignore.d.server
-# rsync -av --chown=root:logcheck ignore.d.server/ root@edyta.org.pl:/etc/logcheck/ignore.d.server
+ansible-playbook deploy.yml
diff --git a/deploy.yml b/deploy.yml
@@ -0,0 +1,12 @@
+- hosts: servers,!nanode
+
+  remote_user: root
+
+  gather_facts: true
+
+  tasks:
+    - name: sync
+      synchronize:
+        src: ignore.d.server
+        dest: /etc/logcheck
+        delete: yes
diff --git a/ignore.d.server/domino-amavisd b/ignore.d.server/domino-amavisd
@@ -1,4 +1,4 @@
-# ; -*- mode: text; fill-column: 99999 -*-
+# ; -*- mode: conf; fill-column: 99999 -*-
 
 # Sat Aug  4 17:58:14 CST 2018
 
@@ -7,3 +7,10 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|SPAM|SPAMMY|INFECTED \([-._[:alnum:][:space:]]+\)|BAD-HEADER(-[[:digit:]])?)( \{((Relayed(OpenRelay|Inbound|Outbound)|Quarantined),?)+\})?,( LOCAL)?( \[(IPv6:)?[[:xdigit:].:]{3,39}\](:[[:digit:]]+)?){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( quarantine: [[:alnum:]]/(spam|virus|badh)-[-+_[:alnum:]]+(\.gz)?,)?( Queue-ID: [[:xdigit:]]{10,11},)?( Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,)?( Resent-Message-ID: <[^>]+>,)? mail_id: [-+_[:alnum:]]+, Hits: (-?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]/]+(, dkim_id=[-=_+\.,@[:alnum:]]+)?(, dkim_sd=[^[:space:]]+)?( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
 
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Blocked (SPAM|BANNED \([-.,_[:alnum:][:space:]\\]+\))( {((NoBounceInbound|BouncedOpenRelay|DiscardedInbound|Quarantined|NoBounceOpenRelay),?)+})?,(( \[(IPv6:)?[[:xdigit:].:]{3,39}\](:[[:digit:]]+)?){1,2})? <[^>]*> -> (<[^>]*>,?)+,( quarantine: [[:alnum:]]/(banned|spam)-[-+_[:alnum:]]+(\.gz)?,)?( Queue-ID: [[:xdigit:]]{10},)?( Message-ID: <[^>]+>,)?( \((added by[^)]+|sfid-[_[:xdigit:]]+)\),)?( Resent-Message-ID: <[^>]+>,)?( mail_id: [-+_[:alnum:]]+,)? Hits: (-?[.[:digit:]]*)+, size: [[:xdigit:]]+(, dkim_id=[-=_+\.,@[:alnum:]]+)?(, dkim_sd=[^[:space:]]+)?( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
+
+
+# Jan 01 00:00:00 debian amavis[23028]: (23028-15) Passed SPAM {RelayedTaggedInbound,Quarantined}, [1.2.3.4] [1.2.3.4] <user@domain.com> -> <user@domain.com>, quarantine: 2/spam-21caAMxOOX1T.gz, mail_id: 21caAMxOOX1T, Hits: 22.109, size: 2257, queued_as: 9F5CB40970, 1782 ms
+# Jan 01 00:00:00 debian amavis[13944]: (13944-18) Passed SPAM {RelayedTaggedInbound,Quarantined}, [1.2.3.4] [1.2.3.4] <user@domain.com> -> <user@domain.com>, quarantine: t/spam-texYR1HFOQJL.gz, Message-ID: <2079978790.654136.1579145280906.JavaMail.user@domain.com>, mail_id: texYR1HFOQJL, Hits: 6.627, size: 4410, queued_as: 0993B400C9, 796 ms
+# Jan 01 00:00:00 debian amavis[11111]: (07635-18) Passed SPAM {RelayedTaggedInbound,Quarantined}, [1.2.3.4] [1.2.3.4] <dstartup004@gmail.com> -> <user@domain.com>, quarantine: w/spam-wHNx4wR-oxs3.gz, Message-ID: <20200120002624.B93004436@mail0.ceniai.inf.cu>, mail_id: wHNx4wR-oxs3, Hits: 8.798, size: 2295, queued_as: AF9314084B, 4047 ms
+
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([0-9-]+\) Passed SPAM {RelayedTaggedInbound,Quarantined}, \[[0-9.]+\] \[[0-9.]+\] <[@[:alnum:].]+> -> <[@[:alnum:].]+>, quarantine: [[:alnum:]\/.-]+,( Message-ID: <[[:alnum:]@.]+>,)? mail_id: [[:alnum:]-]+, Hits: [0-9.]+, size: [0-9]+, queued_as: [[:alnum:]]+, [0-9]+ ms$
diff --git a/ignore.d.server/domino-anacron b/ignore.d.server/domino-anacron
@@ -0,0 +1,22 @@
+# ; -*- mode: conf; fill-column: 99999 -*-
+
+# Jan  9 07:30:02 debian anacron[2533381]: Will run job `cron.daily' in 5 min.
+^\w{3} [ :[:digit:]]{11} [_[:alnum:]-]+ anacron\[[0-9]+\]: Will run job \`cron.[[:alnum:]]+\' in [0-9]+ min.$
+
+# Jan  9 07:30:02 debian anacron[2533381]: Jobs will be executed sequentially
+^\w{3} [ :[:digit:]]{11} [_[:alnum:]-]+ anacron\[[0-9]+\]: Jobs will be executed sequentially$
+
+# Jan  9 07:35:02 debian anacron[2533930]: Updated timestamp for job `cron.daily' to 2023-01-09
+^\w{3} [ :[:digit:]]{11} [_[:alnum:]-]+ anacron\[[0-9]+\]: Updated timestamp for job \`cron.[[:alnum:]]+\' to [0-9-]+$
+
+# Jan  9 07:35:40 debian anacron[2533381]: Job `cron.daily' terminated
+# Jan  9 07:35:02 debian anacron[2533381]: Job `cron.daily' started
+^\w{3} [ :[:digit:]]{11} [_[:alnum:]-]+ anacron\[[0-9]+\]: Job \`cron.[[:alnum:]]+\' (started|terminated)$
+
+# Jan  8 11:30:54 debian anacron[2464186]: Anacron 2.3 started on 2023-01-08
+^\w{3} [ :[:digit:]]{11} [_[:alnum:]-]+ anacron\[[0-9]+\]: Anacron [0-9.]+ started on [0-9-]+$
+
+# Jan  8 11:30:54 debian anacron[2464186]: Normal exit (0 jobs run)
+# Jan  9 07:35:40 debian anacron[2533381]: Normal exit (1 job run)
+^\w{3} [ :[:digit:]]{11} [_[:alnum:]-]+ anacron\[[0-9]+\]: Normal exit \([0-9]+ job(s) run\)$
+
diff --git a/ignore.d.server/domino-dhclient b/ignore.d.server/domino-dhclient
@@ -0,0 +1,5 @@
+# ; -*- mode: conf; fill-column: 99999 -*-
+
+# May  3 04:14:16 debian dhclient[442]: DHCPREQUEST for 1.2.3.4 on eth0 to 2.3.4.5 port 67
+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCP(REQUEST|RELEASE) (for [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67( \(xid=0x[[:xdigit:]]{8}\))?$
diff --git a/ignore.d.server/domino-dnscrypt-proxy b/ignore.d.server/domino-dnscrypt-proxy
@@ -2,4 +2,4 @@
 
 # Aug 11 22:50:28 debian dnscrypt-proxy[25869]: [2019-08-11 22:50:28] [NOTICE] Server with the lowest initial latency: soltysiak (rtt: 29ms)
 
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dnscrypt-proxy\[[[:digit:]]+\]: \[[-[:digit:]]+ [\:[:digit:]]+\] \[NOTICE\] Server with the lowest initial latency: [[:alnum:]]+ \(rtt: [[:digit:]]+ms\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dnscrypt-proxy\[[[:digit:]]+\]: \[[[:digit:]-]+ [\:[:digit:]]+\] \[NOTICE\] Server with the lowest initial latency: [[:alnum:]]+ \(rtt: [[:digit:]]+ms\)$
diff --git a/ignore.d.server/domino-dnsmasq b/ignore.d.server/domino-dnsmasq
@@ -0,0 +1,11 @@
+# Apr 22 12:32:20 debian dnsmasq-dhcp[1222]: DHCPSOLICIT(br0) 00:01:00:01:27:f4:b3:ab:74:78:27:68:64:04
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPSOLICIT\([[:alnum:]]+\) [[:xdigit:]:]+$
+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPCONFIRM\([[:alnum:]]+\) [[:xdigit:]:]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPREPLY\([[:alnum:]]+\) [[:xdigit:]:]+ [[:xdigit:]:]+ confirm failed$
+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[0-9]+\]: reducing DNS packet size for nameserver [[:digit:].]+ to [0-9]+$
+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq-dhcp\[[0-9]+\]: DHCPINFORMATION-REQUEST\([[:alnum:]]+\) [[:xdigit:]:]+ [[:alnum:]_-]+$
+
+
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@

		# Aug 11 22:50:28 debian dnscrypt-proxy[25869]: [2019-08-11 22:50:28] [NOTICE] Server with the lowest initial latency: soltysiak (rtt: 29ms)

		^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dnscrypt-proxy\[[[:digit:]]+\]: \[[-[:digit:]]+ [\:[:digit:]]+\] \[NOTICE\] Server with the lowest initial latency: [[:alnum:]]+ \(rtt: [[:digit:]]+ms\)$
		^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dnscrypt-proxy\[[[:digit:]]+\]: \[[[:digit:]-]+ [\:[:digit:]]+\] \[NOTICE\] Server with the lowest initial latency: [[:alnum:]]+ \(rtt: [[:digit:]]+ms\)$