[Logcheck-devel] Bug#260743: logcheck-database: dhcp rule updates for failover support

Erich Schubert erich at debian.org
Wed Jul 21 22:56:51 UTC 2004


Package: logcheck-database
Version: 1.2.23
Severity: minor

Hi,
a couple of minor corrections to the dhcp rule sets:
First of all, the hostname matching parts need to include the "._-"
signs (maybe . is not needed but it might be).
Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST
may be entailed by the string ": load balance to peer <somestring>".
I've also had the message ": wrong network." appended, when a client
requested an IP address out of a different domain, which will result in a
DHCPNAK. This is a common case with WLAN users I think.

I also added rules for dyndns support by dhcpd.

The modified rules are:

# Dyndns support for DHCP
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Can't update forward map [._[:alnum:]-]+ to [.0-9]+: no such RRset$
# Added load-balancing statements and hostname characters ._-
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [[:alnum:]]+(: load balance to peer [^ ]*|)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+(: load balance to peer [^ ]*)?$
# added ._- to allowed chars for hostname
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK on [0-9.]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+$
# if you are paranoid, you'll want to skip these rules:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+: wrong network\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPNAK on [0-9.]+ to [:[:alnum:]]+ via [[:alnum:]]+$

Thanks for your good work.
I'm expecting to get more rule updates soon. Should I submit them here or to
some mailing list?

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.6
Locale: LANG=de_DE.UTF-8@euro, LC_CTYPE=de_DE.UTF-8@euro

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.29     Debian configuration management sy

-- debconf information excluded
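
A way to check ignore rules like the ones in this report before installing them, as an added example that is not part of the original message or of logcheck itself: it runs three rules adapted from the message over constructed dhcpd lines and prints what would still be reported, with and without the "paranoid" rule. Assumptions: logcheck's filtering is approximated by `grep -E -v -f`, GNU grep is used (for `\w`), the "load balance to peer" wording follows the message text, and the `# paranoid` marker and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed rules file: three rules adapted from the message above.
# The "# paranoid" marker is a convention of this example only.
rules() {
cat <<'EOF'
# base rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+(: load balance to peer [^ ]*)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+(: load balance to peer [^ ]*)?$
# paranoid: rules below this marker are optional
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+: wrong network\.$
EOF
}

# Constructed sample lines (documentation addresses, invented host names).
sample_log() {
cat <<'EOF'
Jul 21 22:10:01 gw-1.lab dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 (wlan_client-7) via eth0: load balance to peer peer-b
Jul 21 22:10:02 gw-1.lab dhcpd: DHCPREQUEST for 192.0.2.23 (192.0.2.1) from 00:11:22:33:44:55 (wlan_client-7) via eth0
Jul 21 22:10:03 gw-1.lab dhcpd: DHCPREQUEST for 198.51.100.9 from 00:11:22:33:44:66 via eth0: wrong network.
Jul 21 22:10:04 gw-1.lab dhcpd: DHCPREQUEST for 192.0.2.24 from 00:11:22:33:44:77 (my laptop) via eth0
EOF
}

# Print the lines that match no ignore rule, i.e. what would be reported.
# $1 = "paranoid" drops every rule after the "# paranoid" marker.
reported() {
  tmp=$(mktemp) || return 1
  if [ "$1" = paranoid ]; then
    rules | sed '/^# paranoid/,$d'
  else
    rules
  fi | grep -E -v '^[[:space:]]*(#|$)' > "$tmp"   # strip comments and blanks
  sample_log | grep -E -v -f "$tmp"
  rm -f "$tmp"
}

echo "reported with all rules:"
reported
echo "reported in paranoid mode:"
reported paranoid
```

The line with the client name "my laptop" is reported in both modes because a space is outside the `[._[:alnum:]-]` class, so widening that class is a deliberate decision about what gets hidden from the report.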




