[Logcheck-devel] [PATCH] Added "connection reset" rule for bind

Frédéric Brière fbriere at fbriere.net
Thu Jan 24 20:00:39 UTC 2008


This occurs when a peer issues a RST.  There seem to be some bad DNS
servers out there; I'm getting a burst of these about once a week.


Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
---
 rulefiles/linux/ignore.d.server/bind |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/rulefiles/linux/ignore.d.server/bind b/rulefiles/linux/ignore.d.server/bind
index 1092450..6fcb063 100644
--- a/rulefiles/linux/ignore.d.server/bind
+++ b/rulefiles/linux/ignore.d.server/bind
@@ -7,3 +7,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (client [.#[:digit:]]+: )?notify question section contains no SOA$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [[:digit:].]+#[[:digit:]]+: query (\(cache\) )?'.*' denied$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [.#[:digit:]]+: updating zone '[-._[:alnum:]]+/IN': (adding an RR|deleting rrset) at 'phentex.dynamic.gxd.ca' A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: dispatch 0x[[:xdigit:]]+: shutting down due to TCP receive error: [[:digit:].]+#[[:digit:]]+: connection reset$
-- 
1.5.3.8





More information about the Logcheck-devel mailing list