From d2cc4330e22e0eb16ee44db49f02066eb9f83490 Mon Sep 17 00:00:00 2001 From: Wojciech Kozlowski Date: Tue, 12 Dec 2023 18:55:31 +0100 Subject: [PATCH] Update logcheck ignores --- playbooks/files/system/base/logs/all | 1 + playbooks/files/system/base/logs/yggdrasil | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/playbooks/files/system/base/logs/all b/playbooks/files/system/base/logs/all index d7ca90d..7c5bafe 100644 --- a/playbooks/files/system/base/logs/all +++ b/playbooks/files/system/base/logs/all @@ -5,4 +5,5 @@ ^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd\[[0-9]+\]: rsyslog\.service: Sent signal SIGHUP to main process [[:digit:]]+ \(rsyslogd\) on client request\.$ ^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd-journald\[[0-9]+\]: Data hash table of /var/log/journal/[[:alnum:]]+/system\.journal has a fill level at [0-9]+\.[0-9+]+ \([0-9]+ of [0-9]+ items, [0-9]+ file size, [0-9]+ bytes per hash table item\), suggesting rotation\.$ ^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd-journald\[[0-9]+\]: /var/log/journal/[[:alnum:]]+/system\.journal: Journal header limits reached or header out-of-date, rotating\.$ +^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd-journald\[[0-9]+\]: Oldest entry in /var/log/journal/[[:alnum:]]+/system\.journal is older than the configured file retention duration \(.*\), suggesting rotation\.$ ^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ rsyslogd(\[[0-9]+\])?: \[origin software="rsyslogd" swVersion="[0-9]+\.[0-9]+\.[0-9]+" x-pid="[0-9]+" x-info="https:\/\/www\.rsyslog\.com"\] rsyslogd was HUPed$ diff --git a/playbooks/files/system/base/logs/yggdrasil b/playbooks/files/system/base/logs/yggdrasil index 6722e3e..638b87d 100644 --- a/playbooks/files/system/base/logs/yggdrasil +++ b/playbooks/files/system/base/logs/yggdrasil @@ -1,4 +1,4 @@ -^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ kernel: \[\s*[0-9]+\.[0-9]+\] perf: interrupt took too long \([0-9]+ > [0-9]+\), lowering kernel\.perf_event_max_sample_rate to [0-9]+$ +^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ kernel: perf: interrupt took too long \([0-9]+ > [0-9]+\), lowering kernel\.perf_event_max_sample_rate to [0-9]+$ ^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ restic-batch\[[0-9]+\]: (Mounting|Unmounting) [-_/@:[:alnum:]]+ (to|from) [-_/@:[:alnum:]]+$ ^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished (Snapshot ZFS filesystems|Prune ZFS snapshots|Replicate snapshots using syncoid)\.$ ^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd\[[0-9]+\]: (sanoid\.service|syncoid-batch\.service|sanoid-prune\.service): Consumed ([0-9]{1,2}min )?[0-9]{1,2}\.[0-9]{3}s CPU time\.$