[Logcheck-devel] Bug#260743: logcheck-database: dhcp rule updates for failover support
Erich Schubert
erich at debian.org
Wed Jul 21 22:56:51 UTC 2004
Package: logcheck-database
Version: 1.2.23
Severity: minor
Hi,
a couple of minor corrections to the dhcp rule sets:
First of all, the hostname matching parts need to include the "._-"
signs (maybe . is not needed but it might be).
Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST
may be entailed by the string ": load balance to peer <somestring>".
I've also had the message ": wrong network." appended, when a client
requested an IP address out of a different domain, which will result in a
DHCPNAK. This is a common case with WLAN users I think.
I also added rules for dyndns support by dhcpd.
The modified rules are:
# Dyndns support for DHCP
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Can't update forward map [._[:alnum:]-]+ to [.0-9]+: no such RRset$
# Added load-balancing statements and hostname characters ._-
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [[:alnum:]]+(: load balance to peer [^ ]*|)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+(: load balance to peer [^ ]*)?$
# added ._- to allowed chars for hostname
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK on [0-9.]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+$
# if you are paranoid, you'll want to skip these rules:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+: wrong network.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPNAK on [0-9.]+ to [:[:alnum:]]+ via [[:alnum:]]+$
Thanks for your good work.
I'm expecting to get more rule updates soon. Should I submit them here or to
some mailing list?
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.6
Locale: LANG=de_DE.UTF-8@euro, LC_CTYPE=de_DE.UTF-8@euro
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.29 Debian configuration management sy
-- debconf information excluded
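
The following check is an added example, not part of the original message or of logcheck itself: it runs three of the rules above against constructed dhcpd log lines the way logcheck applies ignore rules, and shows which lines are still reported with and without the "wrong network" rule. It assumes GNU grep; the failover suffix is written "load balance" as in the message's description of the log line, and the function names, host names, MAC addresses and IP addresses are made up.

```shell
#!/bin/sh
# Added example, not part of the original message. Assumes GNU grep (rules use \w).
# logcheck drops every log line that matches an ignore rule and reports the rest.

# Three rules from the message, failover suffix spelled "load balance".
rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [[:alnum:]]+(: load balance to peer [^ ]*|)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+(: load balance to peer [^ ]*)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+: wrong network.$
EOF
}

# "Paranoid" variant: the same set without the "wrong network" rule.
paranoid_rules() { rules | grep -v 'wrong network'; }

# Constructed dhcpd syslog lines; host names, MACs and addresses are made up.
sample_log() {
cat <<'EOF'
Jul 21 22:41:07 gw-1.example dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 (wlan_client-7) via eth1: load balance to peer dhcp-failover
Jul 21 22:41:08 gw-1.example dhcpd: DHCPREQUEST for 192.0.2.23 (192.0.2.1) from 00:11:22:33:44:55 (wlan_client-7) via eth1
Jul 21 22:41:09 gw-1.example dhcpd: DHCPREQUEST for 198.51.100.9 from 00:11:22:33:44:66 via eth1: wrong network.
Jul 21 22:41:10 gw-1.example dhcpd: DHCPDISCOVER from 00:11:22:33:44:77 via eth1: network 192.0.2.0/24: no free leases
EOF
}

# report RULES_FUNCTION: print the sample lines that none of the rules match.
report() {
    tmp=$(mktemp) || return 1
    "$1" > "$tmp"
    sample_log | grep -E -v -f "$tmp" || :   # grep exits 1 when nothing is left
    rm -f "$tmp"
}

echo "Reported with all three rules:"
report rules
echo "Reported without the 'wrong network' rule:"
report paranoid_rules
```

With all three rules only the "no free leases" line is reported; dropping the "wrong network" rule also surfaces the request from the client on the wrong network.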