# The usual SSH attacks
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for root from [.0-9]+ port [0-9]+ ssh2$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for illegal user [^[:space:]]+ from [.0-9]+ port [0-9]+ ssh2$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [^[:space:]]+ failed - POSSIBLE BREAKIN ATTEMPT!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [.0-9]+ maps to [^[:space:]]+, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Illegal user [^[:space:]]+ from [.0-9]+$

# Only because we don't have iptables running against eth3 right now
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: martian source

# Only ignore this month, 1-19!
#^Feb [ 1][0-9] [ :0-9]{8} [._[:alnum:]-]+ kernel: 3w-xxxx: scsi1: Command failed: status = 0xc4, flags = 0x43, unit #1

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslog-ng\[[0-9]+\]: io.c: do_write: write\(\) failed \(errno 111\), Connection refused

# These definitely aren't security alerts!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read_socket_data: recv failure for

# Function trace
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]: <=
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]: ber_get_next on fd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]: daemon: shutdown requested and initiated
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]: slapd shutdown:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]: daemon: IPv6 socket\(\) failed

# XFS
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: SGI XFS with no debug enabled

# MySQL (grep -E has no \d escape, so the timestamp has to be matched with [0-9]+)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mysqld\[[0-9]+\]: [0-9]+ [:0-9]{8} /usr/sbin/mysqld:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mysqld\[[0-9]+\]: [0-9]+ [:0-9]{8} InnoDB:

# Fetchmail failure
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ fetchmail\[[0-9]+\]: POP3 connection to [._[:alnum:]-]+ failed: temporary name server error
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ fetchmail\[[0-9]+\]: POP3 connection to [._[:alnum:]-]+ failed: Connection timed out

# Only for specific hosts
^\w{3} [ :0-9]{11} (faith|nebula|sarah) kernel: device [[:alnum:]]+ (entered|left) promiscuous mode

# No one should have physical access
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ login\[[0-9]+\]: ROOT LOGIN on .tty[0-9].
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ login\[[0-9]+\]: \(pam_unix\) authentication failure; logname=LOGIN uid=[0-9]+ euid=[0-9]+ tty=tty[0-9]+ ruser= rhost=$

# Host specific messages
^\w{3} [ :0-9]{11} (faith) kernel: device [._[:alnum:]-]+ (entered|enabled|left) promiscuous mode
^\w{3} [ :0-9]{11} (faith) kernel: shutdown\[[0-9]+\]: shutting down for
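Added example, not part of the ignore file above and not logcheck's own code: a small POSIX sh dry-run that applies a few of the rules with grep -E -f, the same way logcheck applies an ignore.d file, to constructed syslog lines, and reports which lines would be suppressed and which would still be mailed out. It also lints a rules file for the \d mistake. The three rules are copied from the file above (the mysqld one with [0-9]+ in place of \d); the host names, PIDs, addresses and log lines are constructed, the function names classify, lint_rules and demo are this example's own, and GNU grep is assumed.

```shell
#!/bin/sh
# Added example (not part of the ignore file above): dry-run a few of its rules
# against constructed syslog lines to see what logcheck would suppress and what
# it would still report. Assumes GNU grep, which is what logcheck's egrep call uses.

RULES="$(mktemp)"
BAD_RULES="$(mktemp)"
trap 'rm -f "$RULES" "$BAD_RULES"' EXIT

# Three rules copied from the file above; the mysqld one uses [0-9]+ because
# POSIX ERE (grep -E) has no \d escape.
cat > "$RULES" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for root from [.0-9]+ port [0-9]+ ssh2$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mysqld\[[0-9]+\]: [0-9]+ [:0-9]{8} InnoDB:
^\w{3} [ :0-9]{11} (faith|nebula|sarah) kernel: device [[:alnum:]]+ (entered|left) promiscuous mode
EOF

# A constructed "bad" rules file carrying the \d mistake, for the linter below.
cat > "$BAD_RULES" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mysqld\[[0-9]+\]: \d+ [:0-9]{8} InnoDB:
EOF

# classify LINE: prints "ignored" when some rule matches, "REPORT" otherwise.
# grep -E -q -f RULES is exactly how logcheck applies an ignore.d file.
classify() {
    if printf '%s\n' "$1" | grep -E -q -f "$RULES"; then
        echo ignored
    else
        echo REPORT
    fi
}

# lint_rules FILE: print, with line numbers, every rule that uses \d.
# grep -E treats that as a stray backslash before a literal d, so the rule never fires.
lint_rules() {
    grep -n '\\d' "$1" || true
}

# Constructed sample lines, one per case: suppressed, reported because the
# message differs, suppressed only on a listed host, reported on another host,
# and the corrected mysqld rule matching a real MySQL timestamp.
demo() {
    for line in \
        'Mar 19 12:34:56 faith sshd[1234]: Failed password for root from 10.0.0.5 port 4242 ssh2' \
        'Mar 19 12:34:56 faith sshd[1234]: Accepted password for root from 10.0.0.5 port 4242 ssh2' \
        'Mar 19 12:34:56 nebula kernel: device eth1 entered promiscuous mode' \
        'Mar 19 12:34:56 webserver kernel: device eth1 entered promiscuous mode' \
        'Mar 19 12:34:56 faith mysqld[999]: 070319 12:34:56 InnoDB: Started'
    do
        printf '%-8s %s\n' "$(classify "$line")" "$line"
    done
    printf 'rules still using \\d:\n'
    lint_rules "$BAD_RULES"
}

demo
```

Run it before installing a changed ignore file: every line that prints REPORT is one logcheck will mail, and a rule that lint_rules lists has never suppressed anything. Because the rules anchor with $ where the message has a fixed tail, a line with anything appended after ssh2 still gets reported.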