# general settings set uid tenshi set gid tenshi set pidfile /var/run/tenshi/tenshi.pid #set logfile /var/log/messages #set logfile /var/log/mail.log set fifo /var/log/tenshi.fifo # set listen 127.0.0.1:514 ## GNU coreutils # set tail /usr/bin/tail -q --follow=name --retry -n 0 ## FreeBSD / NetBSD # set tail /usr/bin/tail -F -n 0 ## OpenBSD / HP-UX # set tail /usr/bin/tail -f -n 0 set tail_multiple off set sleep 5 set limit 800 set pager_limit 2 set mask ___ set mailserver localhost set subject tenshi report set hidepid on ## queues # syntax: set queue <queue_name> <mail_from> [pager:]<mail_to> <cron_spec> [<subject>] set queue mail tenshi@localhost sysadmin@localhost [30 18 * * *] set queue nf tenshi@localhost sysadmin@localhost [*/30 * * * *] set queue report tenshi@localhost sysadmin@localhost [0 9-17/2 * * *] set queue misc tenshi@localhost sysadmin@localhost [0 9-17/2 * * *] set queue critical tenshi@localhost sysadmin@localhost,noc@localhost [now] tenshi CRITICAL report set queue root tenshi@localhost sysadmin@localhost [now] set queue pager tenshi@localhost pager:pager@localhost [now] tenshi alert set queue mobile tenshi@localhost pager:93384@localhost,pager:235953@localhost [now] tenshi alert set queue noprefix tenshi@localhost sysadmin@localhost [now] tenshi unprefixed alert ## sample filter # set filter report /usr/bin/gpg --clearsign --batch -a -r sysadmin@localhost ## sample csv pipe # set csv [0 * * * *] /usr/local/bin/afterglow.pl -c /etc/afterglow.conf -t > /var/lib/tenshi/tenshi.dot ## regexp definitions # syntax: <queue_name>[,<queue_name>..] <regexp> ## note: If you are not using the hidepid option for some reason, the regexps ## below will need to be slightly different, for example: # # mail ^sendmail: (.+): to=(.+),(.+)relay=(.+),(.+)stat=Sent(.+) # would need to be: # mail ^sendmail\[(.*)\]: to=(.+),(.+)relay=(.+),(.+)stat=Sent(.+) # in order to match the sendmail line and mask the PID. repeat ^(?:last message repeated|above message repeats) (\\d+) time trash ^hub.c trash ^usb.c trash ^uhci.c trash ^sda trash ^Initializing USB trash ^scsi0 : SCSI emulation trash ^Vendor: trash ^Type: trash ^Attached scsi removable trash ^SCSI device sda trash ^sda: Write trash ^/dev/scsi trash ^WARNING: USB trash ^USB Mass Storage trash ^/dev trash ^ISO trash ^floppy0 trash ^end_request trash ^Directory trash ^I/O error: dev 08:(.+), sector nf ^netfilter group ^sendmail: mail ^sendmail: (.+): to=(.+),(.+)relay=(.+),(.+)stat=Sent(.+) mail ^sendmail: (.+): to=(.+),(.+)relay=(.+),(.+)stat=Sent mail ^sendmail: (.+): from=(.+),(.+)relay=(.+) mail ^sendmail: STARTTLS=client(.+) mail ^sendmail group_end group ^sm-mta: mail ^sm-mta: (.+): to=(.+),(.+)delay=(.+) mail ^sm-mta: (.+): to=(.+),(.+)relay=(.+),(.+)stat=Sent(.+) mail ^sm-mta: (.+): to=(.+),(.+)relay=(.+),(.+)stat=Sent mail ^sm-mta: (.+): to=(.+),(.+)relay=local(.+)stat=Sent(.+) mail ^sm-mta: (.+): to=(.+),(.+)relay=local(.+)stat=Sent mail ^sm-mta: (.+): to=(.+),(.+)stat=Sent(.+) mail ^sm-mta: (.+): to=(.+),(.+)stat=Sent mail ^sm-mta: (.+): from=(.+),(.+)relay=local(.+) mail ^sm-mta: (.+): from=(.+),(.+)relay=(.+) mail ^sm-mta: STARTTLS=server(.+) mail ^sm-mta: STARTTLS=client(.+) trash ^sm-mta:.+User unknown mail ^sm-mta: ETRN mail ^sm-mta group_end group ^ipop3d: mail ^ipop3d: Login user=(.+) mail ^ipop3d: Logout user=(.+) mail ^ipop3d: pop3s SSL service init from (.+) mail ^ipop3d: pop3 service init from (.+) mail ^ipop3d: Auth user=(.+) mail ^ipop3d: Command stream end of file, while reading mail ^ipop3d: Command stream end of file while reading mail ^ipop3d: AUTHENTICATE LOGIN failure host=(.+) mail ^ipop3d: AUTHENTICATE PLAIN failure host=(.+) mail ^ipop3d: Login failed mail,critical ^ipop3d: group_end group ^imapd: mail ^imapd: Login user=(.+) mail ^imapd: Logout user=(.+) mail ^imapd: port (.+) service init from (.+) mail ^imapd: imaps SSL service init from (.+) mail ^imapd: Command stream end of file, while reading mail ^imapd: Command stream end of file while reading mail ^imapd: Authenticated user=(.+) mail ^imapd: AUTHENTICATE LOGIN failure host=(.+) mail ^imapd: AUTHENTICATE PLAIN failure host=(.+) mail ^imapd: Autologout(.+) mail ^imapd: Login failed mail,critical ^imapd: group_end group ^sshd(?:\(pam_unix\))?: report ^sshd: fatal: Timeout before authentication for (.+) critical ^sshd: Illegal user report ^sshd: Connection from (.+) report ^sshd: Connection closed (.+) report ^sshd: Closing connection (.+) report ^sshd: Found matching (.+) key: (.+) report ^sshd: Accepted publickey (.+) report ^sshd: Accepted rsa for (.+) from (.+) port (.+) report ^sshd: Accepted keyboard-interactive/pam for (.+) from (.+) port (.+) root ^sshd\(pam_unix\): session opened for user root by root\(uid=0\) root ^sshd\(pam_unix\): session opened for user root by \(uid=0\) report ^sshd\(pam_unix\): session closed for user (.+) report ^sshd\(pam_unix\): session opened for user (.+) report ^sshd\(pam_unix\): authentication failure; logname= group_end group ^login\(pam_unix\): critical ^login\(pam_unix\): session opened for user root by root\(uid=0\) critical ^login\(pam_unix\): session opened for user root by \(uid=0\) report ^login\(pam_unix\): session closed for user (.+) report ^login\(pam_unix\): session opened for user (.+) group_end report ^passwd\(pam_unix\): group ^su\(pam_unix\): root,report ^su\(pam_unix\): session opened for user root root,report ^su\(pam_unix\): session closed for user root(.+) report ^su\(pam_unix\): session opened for user (.+) report ^su\(pam_unix\): session closed for user (.+) group_end critical ^(?:/usr/bin)?sudo: critical,pager ^Oops critical,pager ^Linux critical ^init misc .* includedir /etc/tenshi.d
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
55ecbdbde8fce360ae602cdca0688233
>
files
>
2
