"Fossies" - the Fresh Open Source Software Archive 
Member "sshdfilter-1.5.7/devel/messages4logwatch.txt" (31 May 2006, 3389 Bytes) of package /linux/privat/old/sshdfilter-1.5.7.tar.gz:
__Startup messages__
.* is missing .* redirect, sshdfilter rendered useless.
.* is missing .* chain, sshdfilter rendered useless.
sshdfilter .* starting up, running sshd proper.
sshdfilter .* starting up.
Flushing .* chain

__Error startup messages__
couldn't run .*
cannot fork: .*
ran sshd and waited one second, it died and said: status=.* error=.*

__DEBUG messages__ Notice they all start with DB:
DB:OPTIONS
DB: repurgetime=[0-9]+
DB: maxblocktime=[0-9]+
DB: maxchances=[0-9]+
DB: iptablesoptions=
DB: sshdpath=
DB: sshdname=
DB: logpid=
DB: ip6toip4=
DB: iptables command=
DB: iptables chain=
DB: debug=
DB: logsource=
DB: sshd args=
DB: sanitise=
DB: mail=
DB:USER POLICY entries=[0-9]+
DB: [0-9]+, [0-9]+, [0-9]+, .+
DB:IP POLICY entries=[0-9]+
DB: [0-9]+, action=[0-9]+, re=.+
DB:EMAIL POLICY entries=[0-9]+
DB: [0-9]+, action=[0-9]+, re=.+
DB: msg_pid_2_ip\[[0-9]+\]=.*
DB: map_pid_2_ip\[[0-9]+\]=.*
DB: msg_pid_exit\[[0-9]+\]=.*
DB: map_pid_exit\[[0-9]+\]=.*
DB: msg_invalid\[[0-9]+\]=.+
DB: map_invalid\[[0-9]+\]=.+
DB: msg_failed_valid\[[0-9]+\]=.+
DB: map_failed_valid\[[0-9]+\]=.+
DB: msg_accepted_user\[[0-9]+\]=.+
DB: map_accepted_user\[[0-9]+\]=.+
DB: msg_no_id_string\[[0-9]+\]=.+
DB: map_no_id_string\[[0-9]+\]=.+
DB: msg_quit\[[0-9]+\]=.+
DB: map_quit\[[0-9]+\]=.+


__General error messages__

system(\".*\"); failed: .*
Suggest trying the same command in a shell.
sshdfilter couldn't email block event

__DEBUG error messages__
DB:pre mail command is .*
DB:post mail command is .*

__DEBUG general runtime messages__
DB:u2m: un=.*, ev=.*, idx=[0-9]+, userre=.*
DB:Aline=.*
DB:INVALID: ip black listed, [0-9a-fA-F:\.]+
DB:INVALID: dirty=[0-9]+ user=.*, ip=[0-9a-fA-F:\.]+
DB:NOID: ip black listed, [0-9a-fA-F:\.]+
DB:NOID: ip=[0-9a-fA-F:\.]+
DB:FAILVAL: ip black listed user=.*, ip=[0-9a-fA-F:\.]+
DB:FAILVAL: user=.*, ip=[0-9a-fA-F:\.]+
DB:ACCEPT: user=.*, ip=[0-9a-fA-F:\.]+
DB:QUIT: signal=.*
DB:PID2IP: pid=[0-9]+, ip=[0-9a-fA-F:\.]+
DB:PIDEXIT: pid=[0-9]+, stored ip=[0-9a-fA-F:\.]+

__General event messages__
# The ones that are counted and summarised, you might want to categorise these
# to reduce the types. Not sure what categories to use.
Cancelled .* block from [0-9a-fA-F:\.]+
Illegal username from white listed ip [0-9a-fA-F:\.]+, user .*
Illegal user name from black listed ip, instant block of [0-9a-fA-F:\.]+
Illegal user name, blocking after [0-9]+ chances
No ssh id from black listed ip, instant block of [0-9a-fA-F:\.]+
No ssh id string from client, blocking after [0-9]+ chances
Failure from valid user on a black listed ip, instant block of [0-9a-fA-F:\.]+
Valid user failed, blocking after [0-9]+ chances
sshd received signal .*, closing sshdfilter
Illegal user name, blocking [0-9a-fA-F:\.]+ after [0-9]+ chances
Chanced illegal user name from [0-9a-fA-F:\.]+, [0-9]+ guesses out of [0-9]+
No ssh id from white listed ip [0-9a-fA-F:\.]+, user .*
No ssh id string from client, blocking [0-9a-fA-F:\.]+ after [0-9]+ chances
Chanced missing ssh id string from [0-9a-fA-F:\.]+, [0-9]+ guesses out of [0-9]+
Failure from valid user from white listed ip [0-9a-fA-F:\.]+, user .*
Valid user failed, blocking [0-9a-fA-F:\.]+ after [0-9]+ chances
Chanced valid user name from [0-9a-fA-F:\.]+, [0-9]+ guesses out of [0-9]+
Valid login, cancelled .* block from [0-9a-fA-F:\.]+

__Shutdown messages__
sshd quit, closing sshdfilter
closing sshdfilter