[Logcheck-devel] Bug#283331: logcheck-database: changes to ignore.d.server dnsmasq and ntpdate

[bug hunter #742]

Package: logcheck-database
Version: 1.2.31
Severity: wishlist

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: 
(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)[()[:alnum:]]+ 
[ :[:alnum:].]+$

might be more accurately:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: 
(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)([[:alnum:]]+) 
[ :[:alnum:]._-]+$

To break it down:
1.
[()[:alnum:]]+
trying to match something like "(eth1)"
would more accurate:
([[:alnum:]]+)

2.
[ :[:alnum:].]+
I noticed that this didn't match computer names with underscores like 
"TEST_COM"
so this just adds underscores and dashes.  I'm not positive that's the 
best approach and I'm not sure of the need for the space and colon but 
this is the safe approach.
[ :[:alnum:]._-]+

Also I would add this line to dnsmasq as it occurs when you use dnsmasq 
as a local dns caching server (that is have 127.0.0.1 in resolve.conf):
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: ignoring 
nameserver 127.0.0.1 - local interface$

Finally, I added this line for ntpdate in my setup:
ntpdate\[[0-9]+\]: step time server .* offset 0\.[0-9]+ sec
This ignores time steps that are less than 1 second which I don't 
consider a big deal and I'm not sure others would either so I submit it 
for inclusion.