Bug#378333: [Logcheck-devel] Bug#378333: logcheck-database: bind rule for unexpected RCODE does not match

maximilian attems maks at sternwelten.at
Thu Jul 20 08:46:38 UTC 2006

tags 378333 moreinfo

On Sat, 15 Jul 2006, Ingo Theiss wrote:

> the following rule in /etc/logcheck/ignore.d.server/bind does not match
> the linei(s) in our log and get reported:
> rule:
> -----------------------------------------------------------------------
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE
> \((REFUSED|SERVFAIL)\) resolving '[^[:space:]]+': [.[:digit:]]+#[0-9]+$
> reported line (example):
> -----------------------------------------------------------------------
> Jul 15 10:02:09 backup named[2828]: unexpected RCODE (REFUSED) resolving
> 'accounts.name/NS/IN':
> I am not that regexp expert so I can not provide a solution.

the rule does match the message you report.
please specify if this is reported as securit event or as system event?

best regards

More information about the Logcheck-devel mailing list