Ingo Theiss
2006-Jul-15 11:54 UTC
[Logcheck-devel] Bug#378333: logcheck-database: bind rule for unexpected RCODE does not match
Package: logcheck-database
Version: 1.2.44
Severity: normal
the following rule in /etc/logcheck/ignore.d.server/bind does not match
the linei(s) in our log and get reported:
rule:
-----------------------------------------------------------------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE
\((REFUSED|SERVFAIL)\) resolving '[^[:space:]]+': [.[:digit:]]+#[0-9]+$
reported line (example):
-----------------------------------------------------------------------
Jul 15 10:02:09 backup named[2828]: unexpected RCODE (REFUSED) resolving
'accounts.name/NS/IN': 64.136.35.146#53
I am not that regexp expert so I can not provide a solution.
regards
ingo
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.3
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.2 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
logcheck-database/rules-directories-note:
maximilian attems
2006-Jul-20 08:46 UTC
Bug#378333: [Logcheck-devel] Bug#378333: logcheck-database: bind rule for unexpected RCODE does not match
tags 378333 moreinfo thanks On Sat, 15 Jul 2006, Ingo Theiss wrote:> the following rule in /etc/logcheck/ignore.d.server/bind does not match > the linei(s) in our log and get reported: > > rule: > ----------------------------------------------------------------------- > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE > \((REFUSED|SERVFAIL)\) resolving '[^[:space:]]+': [.[:digit:]]+#[0-9]+$ > > reported line (example): > ----------------------------------------------------------------------- > Jul 15 10:02:09 backup named[2828]: unexpected RCODE (REFUSED) resolving > 'accounts.name/NS/IN': 64.136.35.146#53 > > I am not that regexp expert so I can not provide a solution.the rule does match the message you report. please specify if this is reported as securit event or as system event? best regards -- maks
Debian Bug Tracking System
2006-Jul-20 09:03 UTC
Processed: Re: [Logcheck-devel] Bug#378333: logcheck-database: bind rule for unexpected RCODE does not match
Processing commands for control at bugs.debian.org:> tags 378333 moreinfoBug#378333: logcheck-database: bind rule for unexpected RCODE does not match There were no tags set. Tags added: moreinfo> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)