[ADD]
##
# Here is where you add your own rules
#
ansible.*: Invoked.*
ansible.*: message repeated.*
ansible-accelerate:.*
auditd.*: Audit daemon rotating log files
btseed.*
collectd.*: Filter subsystem.*
collectd.*: Value too old.*
collectd.*: processes plugin: Failed to read from.*
collectd.*: 0 Success:.*value has been dispatched.
collectd.*: message repeated.*times.*0 Success:.*
collectd.*: exec plugin.*Unable to parse command\, ignoring line.*
dbus.*:.*avc:.*received.*
dbus.*:.*Reloaded configuration.*
dbus.*:.*Successfully activated service 'org.fedoraproject.Setroubleshootd'.*
dbus.*:.*Successfully activated service 'org.freedesktop.nm_dispatcher'
dbus.*:.*\[system\].*Activating via systemd: service.*
dbus.*:.*\[system\].*Activating.*using servicehelper.*
dbus-daemon.*:.*Successfully activated service \'org.fedoraproject.Setroubleshootd\'.*
dbus-daemon.*:.*Activating via systemd: service.*
dbus-daemon.*:.*Successfully activated service.*
dhclient.*: bound to.*
dhclient.*: DHCPDISCOVER.*
dhclient.*: DHCPACK.*
dhclient.*: DHCPREQUEST.*
dhcpd:.*Wrote.*leases file.*
dnsmasq-dhcp.*
# work around bug https://bugzilla.redhat.com/show_bug.cgi?id=947989
dhclient.*: send_packet: Operation not permitted
dhclient.*: dhclient.c:.*: Failed to send 300 byte long packet over fallback interface.
dhclient.*: Internet Systems Consortium DHCP Client.*
dhclient.*: Copyright 2004-2013 Internet Systems Consortium.
dhclient.*: All rights reserved.
dhclient.*: For info, please visit https://www.isc.org/software/dhcp/
dhclient.*: Listening on.*
dhclient.*: Sending on.*
dhclient.*: Sending on.*
dhclient.*: $
docker.*
fedmsg-hub.*
moksha-hub.*
mailman3.*
freshclam.*: Can't connect to port 80 of host.*
freshclam.*: connect_error:.*
freshclam.*: Downloading.*
freshclam.*:.*is up to date.*
freshclam.*:.*updated.*
freshclam.*: Database updated.*
freshclam.*: ClamAV update process started
git-daemon.*: Connection from.*
git-daemon.*: Connection reset by peer
git-daemon.*: .* does not appear to be a git repository
git-daemon.*: Extended attributes.*
git-daemon.*: Request upload-pack.*
git-daemon.*: The remote end hung up unexpectedly
git-daemon.*: userpath.*
git-daemon.*: Request upload-archive for.*
git-daemon.*: fatal: write error: Connection timed out
groupadd.*: group added to.*: name=(mockbuild|dialout|floppy|cdrom|tape|utmp|utempter|dbus|avahi-autoipd|rpc|rpcuser|nfsnobody|ssh_keys).*
(group|user)add.*: new (user|group): name=(mockbuild|dialout|floppy|cdrom|tape|utmp|utempter|dbus|avahi-autoipd|rpc|rpcuser|nfsnobody|ssh_keys).*
heartbeat.* info:.*
heartbeat.*:info.*
heartbeat.*:WARN: Gmain_timeout_dispatch: Dispatch function for retransmit request took too long to execute.*
in.tftpd.*: tftp: client does not accept options
kernel:.*CPU.*power limit.*
kernel:.*dma-pl330 fff3d000.dma: Reset Channel.*
kernel: TCPv6: Possible SYN flooding on port 80. Sending cookies.
kernel: TCPv6: Possible SYN flooding on port 80. Dropping request.
kernel: possible SYN flooding on port 80. Sending cookies.
kernel: EXT4-fs \(.*\): mounted filesystem with ordered data mode.*
kernel: ioctl32\(e2fsck.*
kernel: ioctl32\(resize2fs.*
kernel: md: data-check of RAID array.*
kernel: md: delaying data-check of.*
kernel: md: md.*: data-check done.
kernel: md: minimum _guaranteed_ speed.*
kernel: md: using 128k window.*
kernel: md: using maximum available idle IO bandwidth.*
kernel: printk.*suppressed.
kernel: __ratelimit:.*callbacks suppressed
kernel:.*subj=.*
kernel:.*exe=.* \(sauid=.*, hostname=.* addr=.* terminal=.*\)
kernel:.*type=.*audit\(.*
kernel:.*audit_printk_skb:.*callbacks suppressed
kernel:.*usb 3-3: new full-speed USB device number.*using xhci_hcd
kernel:.*usb 3-3: Device not responding to set address.
kernel:.*usb 3-3: Device not responding to set address.
kernel:.*usb 3-3: device not accepting address.*error -71
kernel:.*kvm.*vcpu.*unhandled rdmsr.*
kernel:.*kvm_get_msr_common:.*callbacks suppressed
kernel:.*device vnet.*entered promiscuous mode
kernel:.*virbr0: port.*entered.*state
kernel:.*virbr0: topology change detected, propagating
koschei.*
lvm.*: Another thread is handling an event. Waiting...*
nagios: Auto-save of retention data completed successfully
nagios: CURRENT.*
nagios: EXTERNAL COMMAND.*
nagios: LOG.*
nagios: PASSIVE SERVICE CHECK.*
nagios: SERVICE ALERT.*
nagios: SERVICE FLAPPING ALERT.*
nagios: SERVICE NOTIFICATION.*
nagios: Warning:.*Passive check result was received for service.*
nagios: Warning: The results of service.* are stale.*
named.*: .* general: info:.*
named.*: .* notify: info:.*
named.*: .* general: error: zone.*unchanged. zone may fail to transfer to slaves.
named.*: .* resolver: notice: DNS format error from.*: invalid response
named.*: .* resolver: notice: DNS format error from.*: non-improving referral
named.*: .* resolver: notice: clients-per-query increased to.*
named.*: .* security: info: client.*: view.*: query (cache).*denied
named.*: .* edns-disabled: info: success resolving.*after.*
named.*: .* security: info: client.*denied
named.*: .* rate-limit: info:.*
named.*: .* general: warning: checkhints: view.*
named.*: .* query-errors: info: client.*rate limit slip response to.*
named.*: .* query-errors: info: client.*rate limit drop response to.*
NetworkManager.*: \.*
NetworkManager.*: \.*
NetworkManager.*: \.*Unspecific failure
nm-dispatcher: Dispatching action.*
ntpd.*: synchronized.*
ntpd.*: time reset.*
openshift-master.*
openvpn.*: Auth read bytes.*
openvpn.*: CLIENT_LIST.*
openvpn.*: END
openvpn.*: event_wait : Interrupted system call.*
openvpn.*: GLOBAL_STATS.*
openvpn.*: HEADER.*
openvpn.*: OpenVPN STATISTICS
openvpn.*: post-compress bytes.*
openvpn.*: post-decompress bytes.*
openvpn.*: pre-compress bytes.*
openvpn.*: pre-decompress bytes.*
openvpn.*: ROUTING_TABLE.*
openvpn.*: TCP/UDP.*
openvpn.*: TCP/UDP.*
openvpn.*: TIME.*
openvpn.*: TITLE.*
openvpn.*: TUN/TAP.*
openvpn.*: UDPv4 link (local|remote).*
openvpn.*: SIGUSR1.*
openvpn.*: Updated.*
openvpn.*:.*Re-using SSL/TLS context.*
openvpn.*:.*LZO compression.*
openvpn.*: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts.*
openvpn.*: WARNING: No server certificate verification method has been enabled.*
pam_unix\(.*\): account .* has password changed in future
postfix/anvil.*: statistics.*
postfix/bounce.*sender non-delivery notification.*
postfix/error.*:.*delivery temporarily suspended.*Connection timed out.*
postfix/error.*:.*delivery temporarily suspended.*No route to host.*
postfix/error.*:.*delivery temporarily suspended.*temporarily deferred due to user complaints.*
postfix/error.*:.*delivery temporarily suspended.*while receiving the initial server greeting.*
postfix/error.*:.*delivery temporarily suspended.*Host or domain name not found.*
postfix/error.*:.*delivery temporarily suspended.*Connection refused.*
postfix/error.*:.*delivery temporarily suspended.*conversation with.*
postfix/error.*:.*delivery temporarily suspended.*service not available, closing transmission channel.*
postfix/error.*:.*delivery temporarily suspended.*Network is unreachable.*
postfix/error.*:.*refused to talk to me.*
postfix/lmtp.*:.*250.*Ok.*
postfix/lmtp.*: 503.*
postfix/local.*: table.*has changed -- restarting.*
postfix/master.*: daemon started.*
postfix/master.*: terminating on signa.*
postfix/pipe.*:.*delivered via spamassassin.*
postfix/postfix-script.*: starting the Postfix mail system
postfix/postfix-script.*: stopping the Postfix mail system
postfix/postfix-script.*: waiting for the Postfix mail system to terminate
postfix/scache.*: statistics.*
postfix/smtp.*: 400.*
postfix/smtp.*: 421.*
postfix/smtp.*: 450.*
postfix/smtp.*: 451.*
postfix/smtp.*: 452.*
postfix/smtp.*: 454.*
postfix/smtp.*: 503.*
postfix/smtp.*: conversation.* timed out.*
postfix/smtpd.*: table.*has changed -- restarting.*
postfix/smtpd.*: timeout.*
postfix/smtpd.*: too many errors after RCPT.*
postfix/smtp.*: enabling PIX.*
postfix/smtp.*: lost connection.*
postfix/smtp.*:.*refused to talk to me.*
postfix/smtp.*: warning: malformed domain name.*
postfix/smtp.*: warning: valid_hostname:.*
postfix/smtp.*:.*yahoo.*refused to talk to me.*
puppet(d|-agent).*: Applying.*
puppet(d|-agent).*: Caching catalog for.*
puppet(d|-agent).*: Caching certificate for.*
puppet(d|-agent).*: Compiled.*
puppet(d|-agent).*: Could not request certificate:.*
puppet(d|-agent).*: Creating a new SSL key for
puppet(d|-agent).*: \(/File.*
puppet(d|-agent).*: FileBucket.*
puppet(d|-agent).*: Finished.*
puppet(d|-agent).*: Loading facts in datacenter
puppet(d|-agent).*: Loading facts in distrorelease
puppet(d|-agent).*: Loading facts in git_exec_path
puppet(d|-agent).*: Loading facts in libdir
puppet(d|-agent).*: Loading facts in location
puppet(d|-agent).*: Loading facts in pythonsitelib
puppet(d|-agent).*: Loading facts in pythonsitearch
puppet(d|-agent).*: Loading facts in /var/lib/puppet/lib/facter/datacenter.rb
puppet(d|-agent).*: Loading facts in /var/lib/puppet/lib/facter/distrorelease.rb
puppet(d|-agent).*: Loading facts in /var/lib/puppet/lib/facter/git_exec_path.rb
puppet(d|-agent).*: Loading facts in /var/lib/puppet/lib/facter/libdir.rb
puppet(d|-agent).*: Loading facts in /var/lib/puppet/lib/facter/location.rb
puppet(d|-agent).*: Loading facts in /var/lib/puppet/lib/facter/pythonsitelib.rb
puppet(d|-agent).*: Loading facts in /var/lib/puppet/lib/facter/pythonsitearch.rb
puppet(d|-agent).*: Retrieving plugin
puppet(d|-agent).*: Run of Puppet configuration client already in progress; skipping
puppet(d|-agent).*: \(/Stage.*
puppet(d|-agent).*: Failed to set SELinux context system_u:object_r:var_t:s0 on /srv/reviewboard/htdocs/media/rb
puppet(d|-agent).*: Failed to set SELinux context system_u:object_r:var_t:s0 on /srv/reviewboard/htdocs/media/djblets
puppet-master.*: Compiled.*
python.*: ansible-.*
python.*: ansible.*: Invoked.*
python.*: ansible.* Invoked.*
python2.*: mail from:.*
ResourceManager.*: info:.*
restorecond: Reset file context /etc/aliases.*
restorecond: Reset file context /var/db/shadow.db.*
restorecond: Unable to watch.*
Rootkit Hunter: Rootkit hunter.*
Rootkit Hunter: Scanning.*
root: time debug:.*
rpc.idmapd.*: nss_getpwnam: name.*apache.*
rpc.idmapd.*: nss_getpwnam: name.*masher.*
rpc.idmapd.*: nss_getpwnam: name.*root@fedora.*
rpc.idmapd.*: nss_getpwnam: name.*root@localdomain*
rsyncd.*: building.*
rsyncd.*: connect from.*
rsyncd.*: file has vanished:
rsyncd.*: name lookup failed for.*
rsyncd.*: rsync: connection unexpectedly closed.*
rsyncd.*: rsync error: error in rsync protocol data stream.*
rsyncd.*: sent.*
#rsync.*: rsync on.*
rsyslogd-2163:epoll_ctl failed
#goofy-ass rsyslogd error :(
^\(\':\',.*
setfiles: relabeling .*
spamc.*: connect to spamd on.*
spamc.*: skipped message, greater.*
spamd.*: bayes: cannot open bayes databases.*
spamd.*: logger: removing.*
spamd.*: prefork.*
spamd.*: pyzor:.* error: TERMINATED
spamd: result:.*
spamd.*: spamd: clean message.*
spamd.*: spamd: clean message.*
spamd.*: spamd: handled cleanup.*
spamd.*: spamd: identified spam.*
spamd.*: spamd: server killed.*
spamd.*: spamd: server pid.*
spamd.*: spamd: server started.*
spamd.*: spamd: server successfully.*
spamd.* spamd: setuid to.*
sshd.*: Address.*maps to.*but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT.*
sshd.*: Did not receive identification.*
sshd.*: Disconnecting: Too many authentication failures for root.*
sshd.*: error: connect_to
sshd.*: error: ssh_selinux_setup_pty:
sshd.*: Found matching RSA key:.*
sshd.*: input_userauth_request: invalid user.*
sshd.*: pam_unix\(sshd:session\): session closed for user.*
sshd.*: pam_unix\(sshd:session\): session opened for user.*
sshd.*: Postponed publickey for.*
sshd.*: refused connect from.*
sshd.*: reverse mapping checking getaddrinfo.*POSSIBLE BREAK-IN ATTEMPT.*
sshd.*: Server listening on.*
sshd.*: subsystem request for sftp
sshd.*: pam_namespace.*: Unmount of \/tmp failed, Device or resource busy.*
sshd.*: Set /proc/self/oom_score_adj.*
sshd.*: Connection from.* port.*
sshd.*: Transferred: sent.*, received.*bytes
sshd.*: Closing connection to.*port.*
sshd.*: User child is on pid.*
sshd.*: Read error from remote host.*: Connection reset by peer
sshd.*: Read error from remote host.*: Connection timed out
sshd.*: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
sshd.*: Starting session: command.*
sshd.*: fatal: Read from socket failed: Connection reset by peer.*
sshd.*: Starting session: subsystem 'sftp' for root from 10.5.126.23 port.*
sshd.*: Starting session: subsystem 'sftp' for root from 209.132.181.6 port.*
sshd.*: Corrupted MAC on input.
sshd.*: pam_systemd(sshd:session): Failed to create session: No such file or directory
sshd.*: fatal: Write failed: Connection reset by peer
sshd.*: pam_succeed_if\(sshd:auth\): requirement.*
sshd.*: pam_unix\(sshd:auth\): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=.*
sshd.*: PAM .* more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=.*
sshd.*: pam_unix\(sshd:auth\): check pass; user unknown
sshd.*: error: maximum authentication attempts exceeded for.*from.*port.*ssh2 [preauth]
sshd.*: Disconnecting: Too many authentication failures.*
sshd.*: Disconnected from.*
sshd.*: Read error from remote host.*
sshd.*: error: maximum authentication attempts exceeded for.*
stunnel:.*connected remote.*
stunnel:.*SSL_read.*
stunnel:.*Connection reset.*
stunnel:.*connect_blocking.*
stunnel:.*Connection closed.*
stunnel:.*Service \[websockets\] accepted connection from.*
stunnel:.*Service \[eventsource\] accepted connection from.*
su: pam_unix\(su-l:session\): session .* for user dbbackup.*
su: pam_unix\(su-l:session\): session .* for user postgres.*
runuser: pam_unix\(runuser-l:session\).* session opened for user postgres by.*
runuser: pam_unix\(runuser-l:session\).* session closed for user postgres
systemd-logind.*
systemd.*: Start.*
systemd.*: Stop.*
systemd.*: Reached.*
systemd: pam_unix\(systemd-user:session\): session opened for user root by (uid=0)
systemd: pam_unix\(systemd-user:session\): session closed for user root
systemd: pam_unix\(systemd-user:session\): session.*
systemd.*: Start.* Cleanup of Temporary Directories.*
systemd-machine-id-setup.*: Initializing machine ID.*
systemd.*: Created slice user-.*.slice.
systemd.*: Removed slice user-.*slice.
systemd.*: Received SIGRTMIN\+24 from PID.*
systemd.*: Failed to mark scope session-.*.scope as abandoned : Stale file handle
systemd.*: Failed to reset devices.list on /machine.slice: Invalid argument
unix_chkpwd.*: account .* has password changed in future
unix_chkpwd.*: password check failed for user \(root\)
userhelper.*: running \'/usr/sbin/mock.*
# Do not want any of the new gitolite stuff
gitolite.*
groupadd.*: new group.*
groupadd.*: group added to /etc/g.*
useradd.*: new user.*
varnishd.*: Child .* said missing \)CLI.*
varnishd.*: Child .* said nothing to repeatCLI result.*
xinetd.*: Exiting.*
xinetd.*: FAIL: git per_source_limit.*
xinetd.*: readjusting service rsync
xinetd.*: Reconfigured.*
xinetd.*: Started.*
xinetd.*: Starting reconfiguration
xinetd.*: Swapping defaults
xinetd.*: xinetd Version.*
ykksm.*: SUCCESS.*
ykval.*: LOG_INFO.*
ykval.*: LOG_WARNING.*
ykval.*: SUCCESS.*
ykval.*: WARNING.*
yum.*: Installed:.*
yum.*: Updated:.*

[REMOVE]
##
# Here is where you put the rules (VERBATIM) from the weed_dist.cf file
#