[Logcheck-devel] [PATCH] Added "connection reset" rule for bind
Frédéric Brière
fbriere at fbriere.net
Thu Jan 24 20:00:39 UTC 2008
This occurs when a peer issues a RST. There seem to be some bad DNS
servers out there; I'm getting a burst of these about once a week.
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/bind | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/bind b/rulefiles/linux/ignore.d.server/bind
index 1092450..6fcb063 100644
--- a/rulefiles/linux/ignore.d.server/bind
+++ b/rulefiles/linux/ignore.d.server/bind
@@ -7,3 +7,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (client [.#[:digit:]]+: )?notify question section contains no SOA$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [[:digit:].]+#[[:digit:]]+: query (\(cache\) )?'.*' denied$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [.#[:digit:]]+: updating zone '[-._[:alnum:]]+/IN': (adding an RR|deleting rrset) at 'phentex.dynamic.gxd.ca' A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: dispatch 0x[[:xdigit:]]+: shutting down due to TCP receive error: [[:digit:].]+#[[:digit:]]+: connection reset$
--
1.5.3.8
More information about the Logcheck-devel
mailing list