[Logcheck-devel] Bug#568815: Redundant messages from dhcpd in logcheck output in "server" mode.

Stas Degteff g_nospam at grumbler.org
Sun Feb 7 22:58:40 UTC 2010 

Package: logcheck
Version: 1.2.69
Severity: normal
Tags: patch

Logcheck's reports contains many messages like:

Feb  7 19:03:57 srv dhcpd: DHCPREQUEST for 172.21.0.126 from 00:19:7e:9f:cc:32 (Hostname 
Unsuitable for Printing) via eth0
Feb  7 19:03:57 srv dhcpd: DHCPACK on 172.21.0.126 to 00:19:7e:9f:cc:32 (Hostname 
Unsuitable for Printing) via eth0

I create file /etc/logcheck/ignore.d.server/dhcp.local with two rules and these messages 
now ignored by logcheck. Two my rules:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (DHCPOFFER|DHCPACK) on [.0-9]{7,15} 
to [:[:alnum:]]+ \([_[:alnum:] -]+\) via [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for [.0-9]{7,15} 
(\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([_[:alnum:] -]+\) )?via [[:alnum:]-]+$

I propose to insert these rules into (main) /etc/logcheck/ignore.d.*/dhcp files, patch is 
included

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser            3.110                 add and remove users and groups
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-3 A simple mail user agent
ii  cron               3.0pl1-105            management of regular background p
ii  lockfile-progs     0.1.11-0.1            Programs for locking and unlocking
ii  logtail            1.2.69                Print log file lines that have not
ii  rsyslog [system-lo 3.18.6-4              enhanced multi-threaded syslogd
ii  sendmail-bin [mail 8.14.3-5              powerful, efficient, and scalable 

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.69     database of system log rules for t

Versions of packages logcheck suggests:
pn  syslog-summary                <none>     (no description available)

-- no debconf information
-------------- next part --------------
--- dhcp	2009-02-11 16:57:09.000000000 +0500
+++ dhcp.new	2010-02-08 03:50:23.000000000 +0500
@@ -10,6 +10,8 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [.[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\) )?via [.[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [.[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (DHCPOFFER|DHCPACK) on [.0-9]{7,15} to [:[:alnum:]]+ \([_[:alnum:] -]+\) via [[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([_[:alnum:] -]+\) )?via [[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$
 #Added for dhcp 3
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$

More information about the Logcheck-devel mailing list