Bug#378333: [Logcheck-devel] Bug#378333: logcheck-database: bind rule for unexpected RCODE does not match
maximilian attems
maks at sternwelten.at
Thu Jul 20 08:46:38 UTC 2006
tags 378333 moreinfo
thanks
On Sat, 15 Jul 2006, Ingo Theiss wrote:
> the following rule in /etc/logcheck/ignore.d.server/bind does not match
> the linei(s) in our log and get reported:
>
> rule:
> -----------------------------------------------------------------------
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE
> \((REFUSED|SERVFAIL)\) resolving '[^[:space:]]+': [.[:digit:]]+#[0-9]+$
>
> reported line (example):
> -----------------------------------------------------------------------
> Jul 15 10:02:09 backup named[2828]: unexpected RCODE (REFUSED) resolving
> 'accounts.name/NS/IN': 64.136.35.146#53
>
> I am not that regexp expert so I can not provide a solution.
the rule does match the message you report.
please specify if this is reported as securit event or as system event?
best regards
--
maks
More information about the Logcheck-devel
mailing list