[Logcheck-devel] Bug#186372: logcheck - small regexp updates for dhcp and nfs

Bastian Blank waldi at debian.org
Sun Jun 13 20:20:53 UTC 2004


On Sat, Jun 12, 2004 at 12:07:29PM +0200, maks attems wrote:
> could you update the nfs rule:
> *) match the hole line ended with '$'
>    (we try to match the complete log line, minus trailing space)
> *) if 'from [^[:space:]]+' is a hostname please use [._[:alnum:]-]+,
>    it it's an ip use at least [.0-9]{7,15}
> thanks for an tested update of the nfs rule, 
> looking forward to your response. 

I attached the updated rule. Also I missed two other dhcp server 3
messages.

Bastian

-- 
Four thousand throats may be cut in one night by a running man.
		-- Klingon Soldier, "Day of the Dove", stardate unknown
-------------- next part --------------
Index: dhcp
===================================================================
RCS file: /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/dhcp,v
retrieving revision 1.2
diff -u -r1.2 dhcp
--- dhcp	12 Jun 2004 10:12:06 -0000	1.2
+++ dhcp	13 Jun 2004 20:18:15 -0000
@@ -10,6 +10,8 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPOFFER on [.0-9]+ to [:[:alnum:]]+ (\([[:alnum:]]+\) |)via [[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPREQUEST for [.0-9]+ (\([.0-9]+\) |)from [:[:alnum:]]+ (\([[:alnum:]]+\) |)via [[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPACK on [.0-9]+ to [:[:alnum:]]+ (\([[:alnum:]]+\) |)via [[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK to [.0-9]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPINFORM from [:[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPINFORM from [.0-9]+ via [[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPNAK on [:[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPRELEASE on [.0-9]+$
Index: nfs
===================================================================
RCS file: nfs
diff -N nfs
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ nfs	13 Jun 2004 20:18:15 -0000
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated (un|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[[:alnum:]]*)+ \((/[[:alnum:]]*)+\)$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040613/b0d2eb12/attachment.pgp 


More information about the Logcheck-devel mailing list