Logcheck devel - Sep 2012 - Bug#688339: logcheck-database: dhcp: match IPv6-aware records, too

Package: logcheck
Version: 1.3.13
Severity: normal
Tags: patch

Please add following regex

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN A rrset
doesn't exist and [._[:alnum:]-]+ IN AAAA rrset doesn't exist delete
[._[:alnum:]-]+ IN TXT "[[:alnum:]]+": success\.$

This matches lines like

Sep 21 20:38:30 dns dhcpd: if w3.mydomain.tld IN A rrset doesn't exist and
w3.mydomain.tld IN AAAA rrset doesn't exist delete w3.mydomain.tld IN TXT
"1221121212ababbba": success.

Maybe _someone_ could merge with existing IPv4-only regex...

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN A rrset
doesn't exist delete [._[:alnum:]-]+ IN TXT "[[:alnum:]]+":
success\.$

...but _I_ don't know, how to do this.


-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500,
'proposed-updates')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-xen-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser                  3.112+nmu2      add and remove users and groups
ii  cron                     3.0pl1-116      process scheduling daemon
ii  exim4-daemon-light [mail 4.72-6+squeeze2 lightweight Exim MTA (v4) daemon
ii  lockfile-progs           0.1.15          Programs for locking and unlocking
ii  logtail                  1.3.13          Print log file lines that have not
ii  mime-construct           1.11            construct/send MIME messages from 
ii  rsyslog [system-log-daem 4.6.4-2         enhanced multi-threaded syslogd

Versions of packages logcheck recommends:
ii  logcheck-database             1.3.15     database of system log rules for t

Versions of packages logcheck suggests:
ii  syslog-summary                1.14-2     summarize the contents of a syslog

-- no debconf information

reassign 688339 logcheck-database 1.3.15
thanks

Control: reassign -1 src:isc-dhcp
Control: retitle -1 incorporate logcheck snippets
Control: user debian-release at lists.debian.org
Control: usertag -1 bsp-2014-01-gb-Monmouth

Dear maintainer,

Logcheck is a package to filter system log events for the administrator.
Its aim is to remove chatter from the log files, leaving only the events
that the administrator needs to deal with. Filtering is for display only,
leaving the original log file intact for later reading.

Please ship snippets for consumption by the logcheck package. Logcheck
will stop shipping snippets for isc-dhcp in the future, so it's important
that isc-dhcp takes over these files.

If you use debhelper or CDBS, this is very simple:

1. provide your snippets in debian/<package>.logcheck.<type>
   where <type> is one of the following:
      violations
      violations.ignore
      ignore.workstation
      ignore.server
      ignore.paranoid
2. add a call to dh_installlogcheck in debian/rules, if you use debhelper
   without the automatic sequencer
3. add a versioned Breaks: logcheck-database (<= 1.3.16~) to your control
   file

Please allow 7 days before uploading a package including these changes;
this is to give time for a superceding logcheck package to be prepared.
For your convenience, the current snippets (if any) are attached.

For further information, please see README.Maintainers in the logcheck
package.

-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Internet (Software|Systems)
Consortium DHCP Server [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Copyright [0-9-]+ Internet
(Software|Systems) Consortium\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): All rights reserved\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): For info, please visit
http://www.isc.org/(products/DHCP|sw/dhcp/)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Wrote [0-9]+
(leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (BOOTREQUEST|DHCPDISCOVER)
from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): BOOTREPLY (for|on)
[.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15}
to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for
[.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\)
)?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to
[:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM)
(on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$
#Added for dhcp 3
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+
(\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer
[._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPOFFER on [.0-9]{7,15} to
[:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]{7,15}
(\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via
[._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by
peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK on [.0-9]{7,15} to
[:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPNAK on [.0-9]{7,15} to
[:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPINFORM from [.0-9]{7,15} via
[._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPRELEASE of [.0-9]{7,15} from
[:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK to [.0-9]{7,15}(
\(([:[:xdigit:]]+|<no client hardware address>)\) via [._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ((balancing|balanced) )?pool
[0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+  free
[:[:alnum:]]+  backup [:[:alnum:]]+  lts [:[:alnum:]-]+.*(  max-(own
\(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ICMP Echo reply while lease
[.[:digit:]]{7,15} valid\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: uid lease [.0-9]{7,15} for client
[:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$
# Dyndns support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: [Aa]dded (new )?(forward|reverse) map
from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: removed reverse map on
[._[:alnum:]-]+\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Can't update forward map
[._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$
# udhcpd support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending OFFER of
[.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending ACK to
[.0-9]{7,15}$
# These two rules match specifically for ddns_remove_a()
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN TXT
"[[:alnum:]]+" rrset exists and [._[:alnum:]-]+ IN A [.0-9]{7,15}
rrset exists delete [._[:alnum:]-]+ IN A [.0-9]{7,15}: success\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN A rrset
doesn't exist delete [._[:alnum:]-]+ IN TXT "[[:alnum:]]+":
success\.$
# The preceding rules could be rewritten as follows to match most output from
# print_dns_status(), also called for the expr_dns_transaction opcode.  I'd
# rather not proceed without hearing from someone using DDNS updates, though.
#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd:( (if|and|add|delete) [._[:alnum:]-]+
([[:digit:]]+ )?IN ((A|PTR|MX|CNAME)( [._[:alnum:]-]+)?|TXT
"[^"]*"|CNAME <keydata>)( (rrset|domain)
(exists|doesn't exist))?)+: success\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Connecting to LDAP server
[:_.[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: TLS session successfully started
to [:_.[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Successfully logged into LDAP
server [._[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: (Found dhcpServer LDAP
entry|LDAP: Parsing dhcpServer options|LDAP: Parsing dhcpService DN|Found LDAP
entry|Parsing external DNs for) '[%=.,_[:alnum:]-]+'( \.\.\.)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: (Searching|No host entry) for
\(\&\(objectClass=dhcpHost\)\(dhcpHWAddress=ethernet
[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}\)\)
in LDAP tree [=,.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Found dhcpHWAddress LDAP entry
[-_=,.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Sending the following options:
'(filename \"[.[:alnum:]]+\"|(fixed-address|next-server)
[.[:digit:]]{7,15}|;#012)+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Sending config line '(allow
booting|allow bootp|ddns-update-style
(ad-hoc|interim|none)|(default|max|min)-lease-time
[[:digit:]]+|authoritative|option domain-name "[._[:alnum:]-]+"|option
domain-name-servers [._,[:alnum:][:space:]-]+|option subnet-mask
[.[:digit:]]{7,15}|;#012)+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Sending config line
'((subnet|netmask|option routers|option subnet-mask)
[.[:digit:]]{7,15}|(default|max|min)-lease-time
[[:digit:]]+|[[:space:]]|\{#012|\}#012|;#012)+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Sending config line 'pool
(range [.[:digit:]]{7,15} [.[:digit:]]+|(default|min|max)-lease-time
[[:digit:]]+|failover peer "[-._[:alnum:]]+"|deny dynamic bootp
clients|[[:space:]]|\{#012|\}#012|;#012)+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: bind update on
[.[:digit:]]{7,15} got ack from dhcp-failover: xid mismatch\.$
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpcd\[[0-9]+\]: eth[0-9]: received SIGTERM,
stopping$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpcd\[[0-9]+\]: eth[0-9]: dhcpcd [.0-9]+
starting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpcd\[[0-9]+\]: eth[0-9]: broadcasting for
a lease$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpcd\[[0-9]+\]: eth[0-9]:
(acknowledged|offered)
(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])
from
(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpcd\[[0-9]+\]: eth[0-9]: checking
(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])
is available on attached networks$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpcd\[[0-9]+\]: eth[0-9]: renewing lease of
(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpcd\[[0-9]+\]: eth[0-9]: leased
(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])
for [0-9]+ seconds$

Processing control commands:
> reassign -1 src:isc-dhcp
Bug #688339 [logcheck-database] logcheck-database: dhcp: match IPv6-aware
records, too
Bug reassigned from package 'logcheck-database' to
'src:isc-dhcp'.
No longer marked as found in versions logcheck/1.3.15.
Ignoring request to alter fixed versions of bug #688339 to the same values
previously set
> retitle -1 incorporate logcheck snippets
Bug #688339 [src:isc-dhcp] logcheck-database: dhcp: match IPv6-aware records,
too
Changed Bug title to 'incorporate logcheck snippets' from
'logcheck-database: dhcp: match IPv6-aware records,
too'
> user debian-release at lists.debian.org
Unknown command or malformed arguments to command.
> usertag -1 bsp-2014-01-gb-Monmouth
Unknown command or malformed arguments to command.


-- 
688339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688339
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems