[Logcheck-devel] Bug#260743: marked as done (logcheck-database: dhcp rule updates for failover support)

Debian Bug Tracking System owner at bugs.debian.org
Wed Sep 22 21:03:11 UTC 2004


Your message dated Wed, 22 Sep 2004 16:47:06 -0400
with message-id <E1CAE14-0001Mu-00 at newraff.debian.org>
and subject line Bug#260743: fixed in logcheck 1.2.28
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Erich Schubert <erich at debian.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck-database: dhcp rule updates for failover support
X-Mailer: reportbug 2.63
Date: Thu, 22 Jul 2004 00:56:51 +0200
Message-Id: <20040721225651.A1AE8488024 at wintermute.xmldesign.de>

Package: logcheck-database
Version: 1.2.23
Severity: minor

Hi,
a couple of minor corrections to the dhcp rule sets:
First of all, the hostname matching parts need to include the "._-"
signs (maybe . is not needed but it might be).
Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST
may be entailed by the string ": load balance to peer <somestring>".
I've also had the message ": wrong network." appended, when a client
requested an IP address out of a different domain, which will result in a
DHCPNAK. This is a common case with WLAN users I think.

I also added rules for dyndns support by dhcpd.

The modified rules are:

# Dyndns support for DHCP
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Can't update forward map [._[:alnum:]-]+ to [.0-9]+: no such RRset$
# Added load-balancing statements and hostname characters ._-
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+(: load balance to peer [^ ]*)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+(: load balance to peer [^ ]*)?$
# added ._- to allowed chars for hostname
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK on [0-9.]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+$
# if you are paranoid, you'll want to skip these rules:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+: wrong network\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPNAK on [0-9.]+ to [:[:alnum:]]+ via [[:alnum:]]+$

Thanks for your good work.
I'm expecting to get more rule updates soon. Should I submit them here or to
some mailing list?

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.6
Locale: LANG=de_DE.UTF-8 at euro, LC_CTYPE=de_DE.UTF-8 at euro

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.29     Debian configuration management sy

-- debconf information excluded
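
How ignore rules of this kind behave when applied with egrep (a line matching any rule is dropped, the rest are reported), shown as an added example that is not part of the original report. The log lines are constructed, the embedded rules use "load balance" as in the report's prose and a MAC pattern that admits colons, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: constructed dhcpd syslog lines filtered the egrep way.
# A line that matches any ignore rule is dropped; the rest would be reported.

write_rules() {  # $1 = rule file, $2 = "paranoid" omits the wrong-network rule
  cat > "$1" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+(: load balance to peer [^ ]*)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK on [0-9.]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+$
EOF
  [ "$2" = paranoid ] || cat >> "$1" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [[:alnum:]]+: wrong network\.$
EOF
}

sample_log() {  # constructed input: server and client names use . _ -
  cat <<'EOF'
Jul 22 00:41:07 gw-1.example.org dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 (lap_top-7) via eth0: load balance to peer failover-a
Jul 22 00:41:08 gw-1.example.org dhcpd: DHCPACK on 192.0.2.17 to 00:11:22:33:44:55 (lap_top-7) via eth0
Jul 22 00:41:09 gw-1.example.org dhcpd: DHCPREQUEST for 198.51.100.9 from 00:11:22:33:44:66 (wlan.guest) via eth0: wrong network.
Jul 22 00:41:10 gw-1.example.org dhcpd: DHCPDISCOVER from 00:11:22:33:44:77 via eth0: network 192.0.2.0/24: no free leases
EOF
}

report() {  # prints the lines no rule matched; $1 as for write_rules
  rules=$(mktemp)
  write_rules "$rules" "$1"
  # grep exits 1 when every line is ignored; that is not an error here
  sample_log | grep -E -v -f "$rules" || true
  rm -f "$rules"
}

echo "reported with all rules:";   report default
echo "reported in paranoid mode:"; report paranoid
```

With every rule loaded only the "no free leases" line survives; leaving out the wrong-network rule keeps the rejected DHCPREQUEST in the report as well.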

---------------------------------------
From: Todd Troxell <ttroxell at debian.org>
To: 260743-close at bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#260743: fixed in logcheck 1.2.28
Message-Id: <E1CAE14-0001Mu-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Wed, 22 Sep 2004 16:47:06 -0400

Source: logcheck
Source-Version: 1.2.28

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.28_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.28_all.deb
logcheck_1.2.28.dsc
  to pool/main/l/logcheck/logcheck_1.2.28.dsc
logcheck_1.2.28.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.28.tar.gz
logcheck_1.2.28_all.deb
  to pool/main/l/logcheck/logcheck_1.2.28_all.deb
logtail_1.2.28_all.deb
  to pool/main/l/logcheck/logtail_1.2.28_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 260743 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wednesday, 22 Sep 2004 16:35:03 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.28
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 260743 270398 271286 271482
Changes: 
 logcheck (1.2.28) unstable; urgency=low
 .
   maks:
   * Small fixes: join 2 lines in ignore.d.server/postfix, add '^' for
     start-of-line ignore.d.server/scponly (Closes: #270398)
   * Small rule update oidentd (Closes: #271286)
   * Check if logcheck has the permissions to read the offsetfiles.
   * Allow Hostname for logcheck mail to be set by commandline switch
     for log hosts. thanks to Joerg Jaspert <joerg at debian.org>
   * Minor comment fixes for picky readers.
   * Handle lack of permissions gracefully. (Closes: #271482)
   * Small update dhcp for dyndns support. (Closes: #260743)
   * Add a sendfile rule at level workstation for its connect syslogging.
Files: 
 8c637493c86f9837bf562948ab13b2c0 668 admin optional logcheck_1.2.28.dsc
 6e4d2752d7d6ff9ce715b72f54008d5b 81327 admin optional logcheck_1.2.28.tar.gz
 d1ffd289685832e7996435d5ae3c45cb 39542 admin optional logcheck_1.2.28_all.deb
 4826a618a56a8972fbeb8d5d9ddb38ff 48216 admin optional logcheck-database_1.2.28_all.deb
 304d26bb982ee707fc522222ef6eb58b 23138 admin optional logtail_1.2.28_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBUeJd4u3oQ3FHP2YRArC7AKCDxvbr8v3stHMV4A0F8bPxs2F+NQCfck+7
pLnknmV272C+HIjbcLRTrPk=
=7w+3
-----END PGP SIGNATURE-----




