Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/bind
After #437891, I got yet another new "unexpected RCODE", this time
"NOTIMP". As I was starting to get pissed off, I copied the whole list
out of lib/dns/result.c, in an attempt to put an end to my headache.
If you insist on using an enumeration instead of ".*", here's the
complete list (aside from NOERROR, obviously):
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE
\((FORMERR|SERVFAIL|NXDOMAIN|NOTIMP|REFUSED|YXDOMAIN|YXRRSET|NXRRSET|NOTAUTH|NOTZONE|BADVERS|<rcode
[[:digit:]]+>|[[:digit:]]+)\) resolving '[^[:space:]]+': [.[:digit:]]+#[0-9]+$
(Remember that this is both a violations and a normal ignore rule.)
The source sets undefined rcodes such as 15 as "<rcode 15>", but they
show up as merely "15" in my log. The answer is too deep in the code
for me to figure out, so I stuck both in the rule.
For curiosity's sake, I tried to find if there were rcodes that would
never be unexpected, but there doesn't seem any common denominator.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.utf-8, LC_CTYPE=en_CA.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- debconf information excluded
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
