/etc/logcheck/ignore.d.server/snort is in logcheck-database 1.3.16.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort:[[:space:]]*.?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: (\`|\\+)-.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: alert_fragments: (INACTIVE|ACTIVE)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: alert_incomplete: (INACTIVE|ACTIVE)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: alert_large_fragments: (INACTIVE|ACTIVE)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: alert_multiple_requests: (INACTIVE|ACTIVE)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Detect Protocols: [[:alpha:]].*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Detect Scan Type: [[:alpha:]].*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Final Flow Statistics$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: \| gen-id=[0-9] +sig-id=[0-9]+ +type=(Threshold|Both) +tracking=(dst|src) count=[0-9]+ +seconds=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: | Hash Method: [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Initializing daemon mode$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Log directory = /var/log/snort$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: | Memcap: [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Memcap \(in bytes\): [0-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: | none$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Number of Nodes: [0-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: | Overhead Bytes: [0-9]+\(%[0-9]\.[0-9]\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: PID path stat checked out ok, PID path set to /var/run/$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Ports: [0-9].*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Portscan Detection Config:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Ports to decode RPC on: [0-9].*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Ports to decode telnet on: [0-9].*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: | Rows : [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: rpc_decode arguments:$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Rule application order: ->pass->activation->dynamic->alert->log$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Sensitivity Level: (Low|High)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Snort exiting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Snort initialization completed successfully \(pid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: | Stats Interval: [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: telnet_decode arguments:$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: \+-*\[(thresholding-config|thresholding-global|threasholding-local|suppressi on|Flow Config)\]-*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Writing PID "[0-9]+" to file "/var/run//snort_eth[0-9]+\.pid"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: X-Link2State Config:$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: Warning: flowbits key .* is set but not ever checked\.$
|