csf/csf.logignore

###############################################################################
# Copyright (C) 2006-2025 Jonathan Michaelson
#
# https://github.com/waytotheweb/scripts
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, see <https://www.gnu.org/licenses>.
###############################################################################
# The following is a list of regular expressions for the LOGSCANNER feature.
# If a log line matches it will be ignored, otherwise it will be reported


^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ kernel:\s(\[[^\]]+\]\s)?Firewall:

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ suhosin\[\d+\]: ALERT - script tried to increase memory_limit

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view internal
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view external
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view localhost_resolver
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: connection refused resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: lame server resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: network unreachable resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: unexpected RCODE
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: zone .* loaded serial
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: zone .* sending notifies
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: FORMERR resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: checkhints: view localhost_resolver:

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(unexpected RCODE REFUSED\) 
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(unexpected RCODE SERVFAIL\)
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(host unreachable\)
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(network unreachable\)
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(connection refused \) resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(FORMERR\) resolving

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ pure-ftpd: \([\w\?\@\+\%\.]+\@\d+\.\d+\.\d+\.\d+\) \[(INFO|NOTICE)\]

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ Cp-Wrap\[\d+\]:
^\[\S+\s\S+\s\S+\] info

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ gconfd

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Started Session
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Starting Session
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Failed to mark scope
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd-logind(\[\d+\])?: New session
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd-logind(\[\d+\])?: Removed session
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Created slice
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Removed slice user
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Starting user
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Stopping user
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Reloading
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Starting User Slice
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Stopping User Slice
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Removed slice User
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Stopped target
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Reached target

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ nscd(\[\d+\])?: \d+\ monitor

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dbus-daemon: dbus\[\d+\]: \[system\] Activating via systemd
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dbus-daemon: dbus\[\d+\]: \[system\] Successfully activated
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dbus\[\d+\]: \[system\] Activating via systemd
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dbus\[\d+\]: \[system\] Successfully activated
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Starting Time
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Started Time
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dovecot\[\d+\]:
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dovecot:
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ CRON\[\d+\]:
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ MailScanner:
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ clamd\[\d+\]: SelfCheck: Database status OK

==> cpsrvd \S+ started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
GPL v3 Release 2025-08-28 15:15:56 +01:00			`###############################################################################`
			`# Copyright (C) 2006-2025 Jonathan Michaelson`
			`#`
			`# https://github.com/waytotheweb/scripts`
			`#`
			`# This program is free software; you can redistribute it and/or modify it under`
			`# the terms of the GNU General Public License as published by the Free Software`
			`# Foundation; either version 3 of the License, or (at your option) any later`
			`# version.`
			`#`
			`# This program is distributed in the hope that it will be useful, but WITHOUT`
			`# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS`
			`# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more`
			`# details.`
			`#`
			`# You should have received a copy of the GNU General Public License along with`
			`# this program; if not, see <https://www.gnu.org/licenses>.`
			`###############################################################################`
			`# The following is a list of regular expressions for the LOGSCANNER feature.`
			`# If a log line matches it will be ignored, otherwise it will be reported`


			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ kernel:\s(\[[^\]]+\]\s)?Firewall:`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ suhosin\[\d+\]: ALERT - script tried to increase memory_limit`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view internal`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view external`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view localhost_resolver`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: connection refused resolving`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: lame server resolving`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: network unreachable resolving`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: unexpected RCODE`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: zone .* loaded serial`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: zone .* sending notifies`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: FORMERR resolving`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: checkhints: view localhost_resolver:`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(unexpected RCODE REFUSED\)`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(unexpected RCODE SERVFAIL\)`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(host unreachable\)`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(network unreachable\)`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(connection refused \) resolving`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(FORMERR\) resolving`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ pure-ftpd: \([\w\?\@\+\%\.]+\@\d+\.\d+\.\d+\.\d+\) \[(INFO\|NOTICE)\]`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ Cp-Wrap\[\d+\]:`
			`^\[\S+\s\S+\s\S+\] info`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ gconfd`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Started Session`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Starting Session`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Failed to mark scope`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd-logind(\[\d+\])?: New session`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd-logind(\[\d+\])?: Removed session`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Created slice`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Removed slice user`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Starting user`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Stopping user`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Reloading`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Starting User Slice`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Stopping User Slice`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Removed slice User`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Stopped target`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Reached target`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ nscd(\[\d+\])?: \d+\ monitor`

			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ dbus-daemon: dbus\[\d+\]: \[system\] Activating via systemd`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ dbus-daemon: dbus\[\d+\]: \[system\] Successfully activated`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ dbus\[\d+\]: \[system\] Activating via systemd`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ dbus\[\d+\]: \[system\] Successfully activated`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Starting Time`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ systemd(\[\d+\])?: Started Time`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ dovecot\[\d+\]:`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ dovecot:`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ CRON\[\d+\]:`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ MailScanner:`
			`^(\S+\|\S+\s+\d+\s+\S+) [^\s\.]+ clamd\[\d+\]: SelfCheck: Database status OK`

			`==> cpsrvd \S+ started`
			`==> cpsrvd: loading security policy....Done`
			`==> cpsrvd: Setting up SSL support ... Done`
			`==> cpsrvd: transferred port bindings`
			`==> cpsrvd: bound to ports`