Bug#283331: [Logcheck-devel] Bug#283331: logcheck-database: changes to ignore.d.server dnsmasq and ntpdate

maks attems debian at sternwelten.at
Sun Nov 28 18:34:00 UTC 2004


On Sun, 28 Nov 2004, bug hunter #742 wrote:

> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: 
> (DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)[()[:alnum:]]+ 
> [ :[:alnum:].]+$
> 
> might be more accurately:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: 
> (DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)([[:alnum:]]+) 
> [ :[:alnum:]._-]+$
> 
> To break it down:
> 1.
> [()[:alnum:]]+
> trying to match something like "(eth1)"
> would be more accurate:
> ([[:alnum:]]+)
> 
> 2.
> [ :[:alnum:].]+
> I noticed that this didn't match computer names with underscores like 
> "TEST_COM"
> so this just adds underscores and dashes.  I'm not positive that's the 
> best approach and I'm not sure of the need for the space and colon but 
> this is the safe approach.
> [ :[:alnum:]._-]+

sounds good, please post some relevant loglines to check against. :)
 
> Also I would add this line to dnsmasq as it occurs when you use dnsmasq 
> as a local dns caching server (that is have 127.0.0.1 in resolve.conf):
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: ignoring 
> nameserver 127.0.0.1 - local interface$

ok cool, added to current cvs.
just changed '.' to '\.'
could you post the dnsmasq logline when using a remote dns?

 
> Finally, I added this line for ntpdate in my setup:
> ntpdate\[[0-9]+\]: step time server .* offset 0\.[0-9]+ sec
> This ignores time steps that are less than 1 second which I don't 
> consider a big deal and I'm not sure others would either so I submit it 
> for inclusion.

hmm that is a bad rule, only use '.*' for remote strings.
and the rule doesn't match the whole logline.

ntpdate is using its own logcheck ignore rule, you may want to follow up
#283386



thanks + best regards
 
--
maks
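
An added example, not part of the thread or of logcheck-database: it checks the dnsmasq rules quoted above against two log lines with `grep -E`, since logcheck rules are extended regular expressions, where unescaped parentheses group rather than match literal characters. The log lines are constructed, the wrapped regexes are assumed to join on a single space, and `RULE_ESCAPED` is a hypothetical variant added for comparison.

```shell
#!/bin/sh
# Constructed sample lines; the dnsmasq message layout is assumed for illustration.
LINE_PLAIN='Nov 28 18:01:02 gw dnsmasq[1234]: DHCPACK(eth1) 192.168.0.10 00:11:22:33:44:55 laptop'
LINE_UNDERSCORE='Nov 28 18:01:05 gw dnsmasq[1234]: DHCPACK(eth1) 192.168.0.11 00:11:22:33:44:66 TEST_COM'

# Shared parts of the rules quoted in the thread.
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: '
TYPES='(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)'

# Rule as it stood, and the rule as proposed in the report.
RULE_ORIGINAL="${PREFIX}${TYPES}"'[()[:alnum:]]+ [ :[:alnum:].]+$'
RULE_PROPOSED="${PREFIX}${TYPES}"'([[:alnum:]]+) [ :[:alnum:]._-]+$'
# Hypothetical variant (not from the thread): same as proposed, parentheses escaped.
RULE_ESCAPED="${PREFIX}${TYPES}"'\([[:alnum:]]+\) [ :[:alnum:]._-]+$'

# is_ignored RULE LINE: exit status 0 when the rule would filter the line out.
is_ignored() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# report NAME RULE: show, per sample line, whether it is ignored or still reported.
report() {
    for line in "$LINE_PLAIN" "$LINE_UNDERSCORE"; do
        if is_ignored "$2" "$line"; then verdict=ignored; else verdict=REPORTED; fi
        printf '%-9s %-8s %s\n' "$1" "$verdict" "${line##*: }"
    done
}

report original "$RULE_ORIGINAL"
report proposed "$RULE_PROPOSED"
report escaped  "$RULE_ESCAPED"
```

A line marked REPORTED is one that would still appear in the logcheck mail under that rule.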





