I've created some additional regular expressions for use with
logcheck and openVPN; The existing ones do not expect OpenVPN to
log the clients name and address, which these do:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:
(([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Data Channel (En|De)crypt:
Cipher '[[:alnum:]-]+' initialized with [0-9]+ bit key$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:
(([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Data Channel (En|De)crypt:
Using [0-9]+ bit message hash '[[:alnum:]-]+' for HMAC authentication$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:
(([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?TLS: Username/Password
authentication succeeded for username '\w+' (\[CN SET\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:
(([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Control Channel: TLSv1,
cipher TLSv1/SSLv3 [[:alnum:]-]+, [0-9]+ bit RSA$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:
(([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?(Data|Control) Channel MTU
parms \[[[:upper:]:0-9 ]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:
(([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?(Local|Expected Remote)
Options hash \(VER=V[0-9]+\): '[0-9a-f]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]:
(([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?Peer Connection Initiated
with [0-9.]{7,15}:[0-9]+$
I hope these get integrated in a future update of logcheck-database.
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
