47eb5193fe
Add http patch - count .hdr files as archives Add pluto patch - update openswan parsing Add xvc patch - support xen virtual console logins
67 lines
2.9 KiB
Diff
67 lines
2.9 KiB
Diff
--- logwatch-svn110/scripts/services/pluto 2010-05-01 04:36:08.000000000 +0200
|
|
+++ logwatch-svn110-new/scripts/services/pluto 2012-08-29 10:53:35.760260333 +0200
|
|
@@ -76,6 +76,12 @@
|
|
$today="$month $day";
|
|
|
|
next unless ($process =~ /pluto/i);
|
|
+ $iserror=0;
|
|
+
|
|
+ if ($conn eq "ERROR:") {
|
|
+ $iserror = 1;
|
|
+ ($junk,$conn,$msg)=split(/ +/,$msg,3);
|
|
+ }
|
|
|
|
$loglines{$today}++;
|
|
|
|
@@ -143,7 +149,7 @@
|
|
next if($rest =~ /no suitable connection for peer/);
|
|
next if($rest =~ /sending encrypted notification/);
|
|
next if($rest =~ /enabling possible NAT-traversal with method/);
|
|
- next if($rest =~ /received Vendor ID payload/);
|
|
+ next if($rest =~ /(received|ignoring) Vendor ID payload/);
|
|
next if($rest =~ /ignoring unknown Vendor ID payload/);
|
|
next if($rest =~ /Dead Peer Detection \(RFC 3706\): enabled/);
|
|
next if($rest =~ /DPD: No response from peer - declaring peer dead/);
|
|
@@ -152,6 +158,21 @@
|
|
next if($rest =~ /discarding packet received during asynchronous work \(DNS or crypto\) in STATE_(MAIN|QUICK)_../);
|
|
next if($rest =~ /STATE_(MAIN|QUICK)_[RI][1-3]: sent [MQ][RI][1-3], expecting [MQ][IR][1-3]/);
|
|
next if($rest =~ /STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2/);
|
|
+ next if($rest =~ /down-client output/);
|
|
+ next if($rest =~ /(restore|update)resolvconf-client output/);
|
|
+ next if($rest =~ /transform .* ignored/);
|
|
+ next if($rest =~ /multiple DH groups were set in aggressive mode\./);
|
|
+ next if($rest =~ /received mode cfg reply/);
|
|
+ next if($rest =~ /modecfg: Sending IP request/);
|
|
+ next if($rest =~ /setting .* address to/);
|
|
+ next if($rest =~ /STATE_XAUTH_I1: XAUTH client - awaiting CFG_set/);
|
|
+ next if($rest =~ /initiating Aggressive Mode/);
|
|
+ next if($rest =~ /Aggressive mode peer ID is/);
|
|
+ next if($rest =~ /protocol\/port in Phase \d ID Payload must be/);
|
|
+ next if($rest =~ /XAUTH: Bad Message: /);
|
|
+ next if($rest =~ /XAUTH: Answering XAUTH challenge with user/);
|
|
+ next if($rest =~ /Received IP4|DNS|subnet /);
|
|
+ next if($rest =~ /sendto on .* to .* failed in delete notify/);
|
|
$relevantlog{"$today"}++;
|
|
|
|
print STDERR "Rest is $rest\n" if $debug>1;
|
|
@@ -224,6 +245,9 @@
|
|
$rekeyfail{$conn}++;
|
|
$rekeyfail_ICMPunreachable{$conn}++;
|
|
|
|
+ } elsif($rest =~ /XAUTH: Successfully Authenticated/) {
|
|
+ $xauthsuccess{$conn}++;
|
|
+
|
|
} elsif($rest =~ /starting keying attempt (.*) of an unlimited number/) {
|
|
$lastattempt=$1;
|
|
if($maxattempts{$conn} < $lastattempt) {
|
|
@@ -272,6 +296,9 @@
|
|
if($setupfail{$conn} > 0) {
|
|
print "\tSetup failures: ".$setupfail{$conn}."\n";
|
|
}
|
|
+ if($xauthsuccess{$conn} > 0) {
|
|
+ print "\tXAUTH successful connections: ".$xauthsuccess{$conn}."\n";
|
|
+ }
|
|
if($crlUpdate{$conn} > 0) {
|
|
print "\tOverdue CRL update since: ".$crlUpdateSince{$conn}." (".$crlUpdate{$conn}." times)\n";
|
|
}
|