[Logcheck-commits] martin f. krafft: * ignore.d.server/dhcp:

Wed Jul 16 11:03:49 UTC 2008

Module: logcheck
Branch: etch-backports
Commit: 914b748601d126a17d309161e5244e7bf5b4c7fb
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=914b748601d126a17d309161e5244e7bf5b4c7fb

Author: martin f. krafft <madduck at debian.org>
Date:   Wed Jun 25 12:15:36 2008 +0100

* ignore.d.server/dhcp:
  - ignore DHCPACKs that have no hardware address (Windows).

---

 debian/changelog                     |    2 ++
 rulefiles/linux/ignore.d.server/dhcp |    2 +-
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b39cb5b..f727a78 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -42,6 +42,8 @@ logcheck (1.2.65) unstable; urgency=low
       mostly portscanners, or hosts connecting to openvpn on ports like 443.
   * ignore.d.server/schroot:
     - ignore operational schroot messages for logins and running commands.
+  * ignore.d.server/dhcp:
+    - ignore DHCPACKs that have no hardware address (Windows).
   * fix wording in header.txt (closes: #472937).
 
  -- martin f. krafft <madduck at debian.org>  Tue, 24 Jun 2008 18:56:26 +0100
diff --git a/rulefiles/linux/ignore.d.server/dhcp b/rulefiles/linux/ignore.d.server/dhcp
index 9a7fddd..537cb8f 100644
--- a/rulefiles/linux/ignore.d.server/dhcp
+++ b/rulefiles/linux/ignore.d.server/dhcp
@@ -19,7 +19,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPINFORM from [.0-9]{7,15} via [.[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]-]+ \((not |)found\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK to [.0-9]{7,15}( \([:[:alnum:]]+\) via [.[:alnum:]-]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|<no client hardware address>)\) via [.[:alnum:]-]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: pool [0-9a-f]{7} [.0-9]{7,15}/[:[:alnum:]]+ total [:[:alnum:]]+  free [:[:alnum:]]+  backup [:[:alnum:]]+  lts [:[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Abandoning IP address [.[:digit:]]{7,15} pinged before offer$


