[Logcheck-devel] Bug#283331: logcheck-database: changes to ignore.d.server dnsmasq and ntpdate
bug hunter #742
NBGSWGARRYHC at spammotel.com
Sun Nov 28 08:35:31 UTC 2004
Package: logcheck-database
Version: 1.2.31
Severity: wishlist
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]:
(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)[()[:alnum:]]+
[ :[:alnum:].]+$
might be more accurately:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]:
(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)([[:alnum:]]+)
[ :[:alnum:]._-]+$
To break it down:
1.
[()[:alnum:]]+
trying to match something like "(eth1)"
would more accurate:
([[:alnum:]]+)
2.
[ :[:alnum:].]+
I noticed that this didn't match computer names with underscores like
"TEST_COM"
so this just adds underscores and dashes. I'm not positive that's the
best approach and I'm not sure of the need for the space and colon but
this is the safe approach.
[ :[:alnum:]._-]+
Also I would add this line to dnsmasq as it occurs when you use dnsmasq
as a local dns caching server (that is have 127.0.0.1 in resolve.conf):
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: ignoring
nameserver 127.0.0.1 - local interface$
Finally, I added this line for ntpdate in my setup:
ntpdate\[[0-9]+\]: step time server .* offset 0\.[0-9]+ sec
This ignores time steps that are less than 1 second which I don't
consider a big deal and I'm not sure others would either so I submit it
for inclusion.
More information about the Logcheck-devel
mailing list