Package: logcheck-database
Version: 1.3.8
Severity: normal
After double checking that I had the most up to date logcheck-database
:-) I am seeing these lines reported.
May 17 15:29:33 localhost named[1765]: error (network unreachable) resolving
'software.majix.org/A/IN': 2001:503:ba3e::2:30#53
I believe that this line was intended to match it.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]:
((network|host) (unreachable|down)|connection refused|unexpected RCODE
\((FORMERR|SERVFAIL|NXDOMAIN|NOTIMP|REFUSED|YXDOMAIN|YXRRSET|NXRRSET|NOTAUTH|NOTZONE|BADVERS|<rcode
[[:digit:]]+>|[[:digit:]]+)\)) resolving '[^[:space:]]+':
[.:[:xdigit:]]+#[[:digit:]]+$
The Lenny form of the syslog line would have been:
May 17 07:39:43 localhost named[2395]: network unreachable resolving
'38.106.104.86.in-addr.arpa/PTR/IN': 2001:610:240:0:53::193#53
The Lenny BIND syslog line matches the rule. Apparently a BIND syslog
line format change occurred. I haven't seen enough of the associated
errors to know what else may have changed.
bind9 1:9.7.0.dfsg.P1-1
For the time being I have added the following as a local rule.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: error
\((network|host) (unreachable|down)\) resolving '[^[:space:]]+':
[.:[:xdigit:]]+#[[:digit:]]+$
Thanks!
Bob
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
