Bug#289246: [Logcheck-devel] Bug#289246: logcheck-database: Rules for dhcp don't work with vlan names like eth0.3

maximilian attems debian at sternwelten.at
Sat Jan 8 01:39:38 UTC 2005 

On Sat, 08 Jan 2005, Jose Calhariz wrote:

> On Sat, Jan 08, 2005 at 02:03:32AM +0100, maximilian attems wrote:
> > On Sat, 08 Jan 2005, Jose Calhariz wrote:
> > 
> > > When using vlans and dhcp, if is used the convention of naming vlans
> > > like eth0.3 or eth0.03, then filters don't work, because it expect
> > > that the interface name don't have a dot.
> > > 
> > > Follow some rules that need to be added to work with vlans.
> > > 
> > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): (BOOTREQUEST|DHCPDISCOVER) from [:[:alnum:]]+ (\([:._[:alnum:]-]+\) |)via [[:alnum:]]+.[[:alnum:]]+$
> > ..
> > please don't break current rules, you didn't supply any log messages
> > but from what i read from your intro
> > s/[[:alnum:]]+.[[:alnum:]]+/[.[:alnum:]]+/g at the end of your rules
> > should help. 
> > please test that and report also some loglines one can poke on.
> 
> This is one example of the rules I want to skip.
> 
> Jan  7 23:30:08 mariana dhcpd: DHCPDISCOVER from 00:30:05:15:92:e3 via eth0.0015
> Jan  7 23:30:08 mariana dhcpd: DHCPOFFER on 172.20.15.71 to 00:30:05:15:92:e3 via eth0.0015
> Jan  7 23:30:10 mariana dhcpd: DHCPREQUEST for 172.20.15.71 (172.20.15.251) from 00:30:05:15:92:e3 via eth0.0015
> Jan  7 23:30:10 mariana dhcpd: DHCPACK on 172.20.15.71 to 00:30:05:15:92:e3 via eth0.0015
> Jan  7 23:57:06 mariana dhcpd: DHCPREQUEST for 172.20.65.99 from 00:30:05:12:43:7f via eth0.0065
> Jan  7 23:57:06 mariana dhcpd: DHCPACK on 172.20.65.99 to 00:30:05:12:43:7f (OPET2) via eth0.0065
> Jan  7 23:57:12 mariana dhcpd: DHCPINFORM from 172.20.29.104 via eth0.0029
> Jan  7 23:57:16 mariana dhcpd: DHCPINFORM from 172.20.29.104 via eth0.0029
> Jan  7 23:58:22 mariana dhcpd: DHCPREQUEST for 172.20.46.200 from 00:00:e8:70:d0:48 via eth0.0046
> Jan  7 23:58:22 mariana dhcpd: DHCPACK on 172.20.46.200 to 00:00:e8:70:d0:48 via eth0.0046
> Jan  8 00:05:23 mariana dhcpd: DHCPINFORM from 172.20.81.144 via eth0.0081
> Jan  8 00:05:26 mariana dhcpd: DHCPINFORM from 172.20.81.144 via eth0.0081
> Jan  8 00:07:37 mariana dhcpd: DHCPREQUEST for 172.20.29.212 from 00:03:93:70:63:3c via eth0.0029
> Jan  8 00:07:37 mariana dhcpd: DHCPACK on 172.20.29.212 to 00:03:93:70:63:3c via eth0.0029
> Jan  8 00:52:03 mariana dhcpd: DHCPREQUEST for 172.20.29.217 from 00:03:93:91:7e:c8 via eth0.0029
> Jan  8 00:52:03 mariana dhcpd: DHCPACK on 172.20.29.217 to 00:03:93:91:7e:c8 via eth0.0029
> Jan  8 00:58:23 mariana dhcpd: DHCPREQUEST for 172.20.29.211 from 00:03:93:91:8d:ea via eth0.0029
> Jan  8 00:58:23 mariana dhcpd: DHCPACK on 172.20.29.211 to 00:03:93:91:8d:ea via eth0.0029
> 
> The rules I have sent to you, where generated after doing 
> s/via [[:alnum:]]+.[[:alnum:]]+/via [.[:alnum:]]+/g on the file dhcp
> to a new file.  
> 
> Why my rules can't be append to the old ones?

you didn't read my previous mail ;-)

anyway it would be cool if you could test attached set of rule,
that i commited to current cvs.
please remove before your first trial.

thanks
 
--
maks

-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): Internet (Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): Copyright [0-9-]+ Internet (Software|Systems) Consortium\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): All rights reserved\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): For info, please visit http://www.isc.org/(products/DHCP|sw/dhcp/)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): Wrote [0-9]+ deleted host decls to leases file\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): Wrote [0-9]+ new dynamic host decls to leases file\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): Wrote [0-9]+ leases to leases file\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): (BOOTREQUEST|DHCPDISCOVER) from [:[:alnum:]]+ (\([:._[:alnum:]-]+\) |)via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): BOOTREPLY for [.0-9]+ to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) |)via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPOFFER on [.0-9]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPREQUEST for [.0-9]+ (\([.0-9]+\) |)from [:._[:alnum:]-]+ (\([[:alnum:]]+\) |)via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPACK on [.0-9]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPINFORM from [:[:alnum:]\.]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPNAK on [:[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPRELEASE on [.0-9]+$
#Added for dhcp 3
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]]+(: load balance to peer [._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPOFFER on [.0-9]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]+ (\([.0-9]+\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]]+(: load balance to peer [._[:alnum:]-]+|: lease owned by peer)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK on [.0-9]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPINFORM from [.0-9]+ via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPRELEASE of [.0-9]+ from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [.[:alnum:]]+ \((not |)found\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK to [.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: pool [0-9a-f]{7} [.0-9]+/[:[:alnum:]]+ total [:[:alnum:]]+  free [:[:alnum:]]+  backup [:[:alnum:]]+  lts [:[:alnum:]-]+$

# Dyndns support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Can't update forward map [._[:alnum:]-]+ to [.0-9]+: no such RRset$

More information about the Logcheck-devel mailing list