Christian Kreidl
2015-Sep-15 07:26 UTC
[Logcheck-devel] Bug#799041: Updated rules for isc-dhcp-server
Package: logcheck-database Version: 1.3.17 Severity: normal Tags: patch isc-dhcp-server has added the PID to the log output since version 4.3.3-2: * Enable pid file logging (closes: #792928). This spams logcheck output. Attached is a new version of /etc/logcheck/ignore.d.server/dhcp which matches the new log output. -------------- next part -------------- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Internet (Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Copyright [0-9-]+ Internet (Software|Systems) Consortium\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): All rights reserved\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): For info, please visit http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Wrote [0-9]+ (leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (BOOTREQUEST|DHCPDISCOVER) from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): BOOTREPLY (for|on) [.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$ #Added for dhcp 3 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|<no client hardware address>)\) via [._[:alnum:]-]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own \(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: uid lease [.0-9]{7,15} for client [:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$ # Dyndns support ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: removed reverse map on [._[:alnum:]-]+\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Can't update forward map [._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$ # udhcpd support ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending OFFER of [.0-9]{7,15}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending ACK to [.0-9]{7,15}$ # These two rules match specifically for ddns_remove_a() ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: if [._[:alnum:]-]+ IN TXT "[[:alnum:]]+" rrset exists and [._[:alnum:]-]+ IN A [.0-9]{7,15} rrset exists delete [._[:alnum:]-]+ IN A [.0-9]{7,15}: success\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: if [._[:alnum:]-]+ IN A rrset doesn't exist delete [._[:alnum:]-]+ IN TXT "[[:alnum:]]+": success\.$ # The preceding rules could be rewritten as follows to match most output from # print_dns_status(), also called for the expr_dns_transaction opcode. I'd # rather not proceed without hearing from someone using DDNS updates, though. #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]:( (if|and|add|delete) [._[:alnum:]-]+ ([[:digit:]]+ )?IN ((A|PTR|MX|CNAME)( [._[:alnum:]-]+)?|TXT "[^"]*"|CNAME <keydata>)( (rrset|domain) (exists|doesn't exist))?)+: success\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Connecting to LDAP server [:_.[:alnum:]-]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: TLS session successfully started to [:_.[:alnum:]-]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Successfully logged into LDAP server [._[:alnum:]-]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: (Found dhcpServer LDAP entry|LDAP: Parsing dhcpServer options|LDAP: Parsing dhcpService DN|Found LDAP entry|Parsing external DNs for) '[%=.,_[:alnum:]-]+'( \.\.\.)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: (Searching|No host entry) for \(\&\(objectClass=dhcpHost\)\(dhcpHWAddress=ethernet [[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}\)\) in LDAP tree [=,.[:alnum:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Found dhcpHWAddress LDAP entry [-_=,.[:alnum:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Sending the following options: '(filename \"[.[:alnum:]]+\"|(fixed-address|next-server) [.[:digit:]]{7,15}|;#012)+'$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Sending config line '(allow booting|allow bootp|ddns-update-style (ad-hoc|interim|none)|(default|max|min)-lease-time [[:digit:]]+|authoritative|option domain-name "[._[:alnum:]-]+"|option domain-name-servers [._,[:alnum:][:space:]-]+|option subnet-mask [.[:digit:]]{7,15}|;#012)+'$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Sending config line '((subnet|netmask|option routers|option subnet-mask) [.[:digit:]]{7,15}|(default|max|min)-lease-time [[:digit:]]+|[[:space:]]|\{#012|\}#012|;#012)+'$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Sending config line 'pool (range [.[:digit:]]{7,15} [.[:digit:]]+|(default|min|max)-lease-time [[:digit:]]+|failover peer "[-._[:alnum:]]+"|deny dynamic bootp clients|[[:space:]]|\{#012|\}#012|;#012)+'$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: bind update on [.[:digit:]]{7,15} got ack from dhcp-failover: xid mismatch\.$
Debian Bug Tracking System
2017-Jan-25 22:09 UTC
[Logcheck-devel] Bug#799041: marked as done (Updated rules for isc-dhcp-server)
Your message dated Wed, 25 Jan 2017 22:05:36 +0000 with message-id <E1cWVhA-0002wM-Vs at fasolo.debian.org> and subject line Bug#799041: fixed in logcheck 1.3.18 has caused the Debian Bug report #799041, regarding Updated rules for isc-dhcp-server to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 799041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799041 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Christian Kreidl <debian at chk.cksf.de> Subject: Updated rules for isc-dhcp-server Date: Tue, 15 Sep 2015 09:26:12 +0200 Size: 9810 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20170125/eaedd882/attachment-0002.mht> -------------- next part -------------- An embedded message was scrubbed... From: Hannes von Haugwitz <hannes at vonhaugwitz.com> Subject: Bug#799041: fixed in logcheck 1.3.18 Date: Wed, 25 Jan 2017 22:05:36 +0000 Size: 7772 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20170125/eaedd882/attachment-0003.mht>