Frédéric Brière
2008-Feb-04 01:58 UTC
[Logcheck-devel] Bug#443881: [PATCH] Moved "[bind] query $FOO denied" rule to violations.ignore.d (closes #443881)
---
rulefiles/linux/ignore.d.server/bind | 1 -
rulefiles/linux/violations.ignore.d/logcheck-bind | 2 +-
2 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/bind
b/rulefiles/linux/ignore.d.server/bind
index a26e232..75ef149 100644
--- a/rulefiles/linux/ignore.d.server/bind
+++ b/rulefiles/linux/ignore.d.server/bind
@@ -5,4 +5,3 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone [._[:alnum:]-]+/IN:
Transfer started.$
^\w{3} [ :0-9]{11} [-._[:alnum:]]+ named\[[0-9]+\]: client [0-9.]{7,15}#[0-9]+:
view (localhost|any|slave): query: [-._[:alnum:]]+ IN
(CNAME|A6|AAAA|A|MX|PTR|TXT|NS|SOA|SSHFP) [-+](E?)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (client [.#[:digit:]]+:
)?notify question section contains no SOA$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
[[:digit:].]+#[[:digit:]]+: query (\(cache\) )?'.*' denied$
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-bind
b/rulefiles/linux/violations.ignore.d/logcheck-bind
index c668573..5da1945 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-bind
+++ b/rulefiles/linux/violations.ignore.d/logcheck-bind
@@ -1,3 +1,3 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone [._[:alnum:]-]+/IN:
refresh: failure trying master [._[:alnum:]-]+#53: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE
\((REFUSED|SERVFAIL|15)\) resolving '[^[:space:]]+':
[.[:digit:]]+#[0-9]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
[[:digit:].]+#[[:digit:]]+: query \(cache\) '.*' denied$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
[[:digit:].]+#[[:digit:]]+: query (\(cache\) )?'.*' denied$
--
1.5.3.8