Bug#327100: [Logcheck-devel] Bug#327100: bind rules does not handle ipv6 correctly

Todd Troxell ttroxell at debian.org
Thu Sep 22 05:13:17 UTC 2005


tag 327100 pending
thanks.

Thanks, applied.

On Wed, Sep 07, 2005 at 06:14:08PM +0200, Marco Nenciarini wrote:
> Package: logcheck
> Version: 1.2.41
> Severity: normal
> Tags: patch
> 
> I have an ipv6 enabled dns server.
> 
> I modified the file /etc/logcheck/ignore.d.paranoid/bind to properly handle ipv6
> addresses in bind logs.
> 
> I've corrected a typo (transfered instead of transferred) and some unnecessary
> dot quoting (inside [] the dot does not have any special role).
> 
> Bye
> 
> -- System Information:
> Debian Release: 3.1
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-k7
> Locale: LANG=it_IT.UTF-8 at euro, LC_CTYPE=it_IT.UTF-8 at euro (charmap=UTF-8)
> 
> Versions of packages logcheck depends on:
> ii  adduser          3.63                    Add and remove users and groups
> ii  cron             3.0pl1-86               management of regular background p
> ii  debconf [debconf 1.4.30.13               Debian configuration management sy
> ii  debianutils      2.8.4                   Miscellaneous utilities specific t
> ii  grep             2.5.1.ds1-4             GNU grep, egrep and fgrep
> ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
> ii  logcheck-databas 1.2.41                  database of system log rules for t
> ii  logtail          1.2.41                  Print log file lines that have not
> ii  mailx            1:8.1.2-0.20040524cvs-4 A simple mail user agent
> ii  postfix [mail-tr 2.1.5-9                 A high-performance mail transport 
> ii  sysklogd [system 1.4.1-17                System Logging Daemon
> 
> -- debconf information excluded

> --- bind.orig	2004-06-10 10:20:31.000000000 +0200
> +++ bind	2005-09-07 17:58:04.050140803 +0200
> @@ -1,5 +1,5 @@
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Lame delegation$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Lame server on '[^[:space:]]+' \(in '[^[:space:]]+'\?\): \[[\.0-9]+\]\.[0-9]+ '[^[:space:]]+'$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Lame server on '[^[:space:]]+' \(in '[^[:space:]]+'\?\): \[[0-9a-f.:]+\]\.[0-9]+ '[^[:space:]]+'$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Response from$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: reloading$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Cleaned cache of [0-9]+ RRsets?$
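
Review bot: The new address class `[0-9a-f.:]+` in the "Lame server on" rule accepts only lowercase hex digits, so an IPv6 address logged with uppercase A-F would not match and the line would be reported instead of ignored. `[[:xdigit:].:]+` would cover both cases and fits the POSIX-class style the file already uses in `[._[:alnum:]-]+`. Note also that the class is a character filter rather than an address check: any run of digits, a-f, dots and colons between the brackets is accepted, which is acceptable here only because the rest of the rule is anchored with `^` and `$`.
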
> @@ -7,18 +7,18 @@
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: approved AXFR from [^[:space:]]+ for [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone transfer \(AXFR\) of [^[:space:]]+ to [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: suppressing duplicate notify$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: USAGE [0-9]+ [0-9]+ CPU=[\.0-9]+u/[\.0-9]+s CHILDCPU=[\.0-9]+u/[\.0-9]+s$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: USAGE [0-9]+ [0-9]+ CPU=[.0-9]+u/[.0-9]+s CHILDCPU=[.0-9]+u/[.0-9]+s$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (A|CNAME|SOA|PTR|MX|TXT|AAAA|38|IXFR|AXFR|ANY)=[0-9]+)+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAXFR|RLame|ROpts|SSysQ|SAns|SFwdQ|SDupQ|SErr|RQ|RIQ|RFwdQ|RDupQ|RTCP|SFwdR|SFail|SFErr|SNaAns|SNXD|RUQ|RURQ|RUXFR|RUUpd)=[0-9]+)+$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [0-9a-f.:]+#[0-9]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Received NOTIFY answer$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (master|slave) zone "[^[:space:]]+" \(IN\) loaded \(serial [0-9]+\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (ns_forw|ns_resp|sysquery): query\([^[:space:]]+\) (NS points to CNAME \([^[:space:]]+\)|No possible A RRs|All possible A RR's lame|Bogus LOOPBACK A RR \([^[:space:]]+\) learnt \([^[:space:]]+\))$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [\.0-9.]+#[0-9]+: transfer of '[^[:space:]]+/IN': AXFR started$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone [^[:space:]]+: transfered serial [0-9]+$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [0-9a-f.:]+#[0-9]+: transfer of '[^[:space:]]+/IN': AXFR started$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone [^[:space:]]+: transferred serial [0-9]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: transfer of '[^[:space:]]+' from [^[:space:]]+: end of transfer$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone [^[:space:]]+/IN: sending notifies \(serial [0-9]+\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: rcvd NOTIFY\([^[:space:]]+, IN, SOA\) from \[[\.0-9]+\]\.[0-9]+$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: rcvd NOTIFY\([^[:space:]]+, IN, SOA\) from \[[0-9a-f.:]+\]\.[0-9]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: late CNAME in answer section for [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: no IPv6 interfaces found$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: loading configuration from '/etc/bind/named\.conf'$
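
Review bot: The "transfered serial" rule is replaced rather than widened, so a named that still emits the old spelling (the one the removed line matched) will have those messages reported after this change. `transferr?ed serial [0-9]+$` would accept both spellings. Separately, the `[\.0-9]` to `[.0-9]` edit on the USAGE line is not purely cosmetic: in a POSIX bracket expression the backslash is literal, so the old class also accepted `\`, and the same applied to the removed `[\.0-9.]+#[0-9]+` classes. That tightening is worth stating in the changelog alongside the IPv6 change. The four new `[0-9a-f.:]+` classes in this hunk are lowercase-only as well; `[[:xdigit:].:]+` would match uppercase hex too.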



-- 
Todd Troxell
http://rapidpacket.com/~xtat




