[Logcheck-devel] Bug#799041: marked as done (Updated rules for isc-dhcp-server)

Wed, 25 Jan 2017 14:10:01 -0800 

Your message dated Wed, 25 Jan 2017 22:05:36 +0000
with message-id <e1cwvha-0002wm...@fasolo.debian.org>
and subject line Bug#799041: fixed in logcheck 1.3.18
has caused the Debian Bug report #799041,
regarding Updated rules for isc-dhcp-server
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
799041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799041
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: logcheck-database
Version: 1.3.17
Severity: normal
Tags: patch

isc-dhcp-server has added the PID to the log output since version 4.3.3-2:
  * Enable pid file logging (closes: #792928).

This spams logcheck output.

Attached is a new version of /etc/logcheck/ignore.d.server/dhcp
which matches the new log output.

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Internet 
(Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Copyright [0-9-]+ Internet 
(Software|Systems) Consortium\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): All rights reserved\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): For info, please visit 
http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Wrote [0-9]+ 
(leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (BOOTREQUEST|DHCPDISCOVER) 
from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): BOOTREPLY (for|on) 
[.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15} 
to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for 
[.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\) 
)?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to 
[:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM) 
(on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$
#Added for dhcp 3
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from 
[:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer 
[._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on 
[.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for 
[.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via 
[._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by 
peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} 
to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} 
to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from 
[.0-9]{7,15} via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of 
[.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ 
\((not |)found\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to 
[.0-9]{7,15}( \(([:[:xdigit:]]+|<no client hardware address>)\) via 
[._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing|balanced) 
)?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+  free 
[:[:alnum:]]+  backup [:[:alnum:]]+  lts [:[:alnum:]-]+.*(  max-(own 
\(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while 
lease [.[:digit:]]{7,15} valid\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: uid lease [.0-9]{7,15} 
for client [:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$
# Dyndns support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: [Aa]dded (new 
)?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: removed reverse map on 
[._[:alnum:]-]+\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Can't update forward 
map [._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$
# udhcpd support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending OFFER of 
[.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending ACK to 
[.0-9]{7,15}$
# These two rules match specifically for ddns_remove_a()
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: if [._[:alnum:]-]+ IN 
TXT "[[:alnum:]]+" rrset exists and [._[:alnum:]-]+ IN A [.0-9]{7,15} rrset 
exists delete [._[:alnum:]-]+ IN A [.0-9]{7,15}: success\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: if [._[:alnum:]-]+ IN A 
rrset doesn't exist delete [._[:alnum:]-]+ IN TXT "[[:alnum:]]+": success\.$
# The preceding rules could be rewritten as follows to match most output from
# print_dns_status(), also called for the expr_dns_transaction opcode.  I'd
# rather not proceed without hearing from someone using DDNS updates, though.
#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]:( (if|and|add|delete) 
[._[:alnum:]-]+ ([[:digit:]]+ )?IN ((A|PTR|MX|CNAME)( [._[:alnum:]-]+)?|TXT 
"[^"]*"|CNAME <keydata>)( (rrset|domain) (exists|doesn't exist))?)+: success\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Connecting to 
LDAP server [:_.[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: TLS session 
successfully started to [:_.[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Successfully 
logged into LDAP server [._[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: (Found dhcpServer 
LDAP entry|LDAP: Parsing dhcpServer options|LDAP: Parsing dhcpService DN|Found 
LDAP entry|Parsing external DNs for) '[%=.,_[:alnum:]-]+'( \.\.\.)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: (Searching|No 
host entry) for \(\&\(objectClass=dhcpHost\)\(dhcpHWAddress=ethernet 
[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}\)\)
 in LDAP tree [=,.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Found 
dhcpHWAddress LDAP entry [-_=,.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Sending the 
following options: '(filename \"[.[:alnum:]]+\"|(fixed-address|next-server) 
[.[:digit:]]{7,15}|;#012)+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Sending config 
line '(allow booting|allow bootp|ddns-update-style 
(ad-hoc|interim|none)|(default|max|min)-lease-time 
[[:digit:]]+|authoritative|option domain-name "[._[:alnum:]-]+"|option 
domain-name-servers [._,[:alnum:][:space:]-]+|option subnet-mask 
[.[:digit:]]{7,15}|;#012)+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Sending config 
line '((subnet|netmask|option routers|option subnet-mask) 
[.[:digit:]]{7,15}|(default|max|min)-lease-time 
[[:digit:]]+|[[:space:]]|\{#012|\}#012|;#012)+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Sending config 
line 'pool (range [.[:digit:]]{7,15} [.[:digit:]]+|(default|min|max)-lease-time 
[[:digit:]]+|failover peer "[-._[:alnum:]]+"|deny dynamic bootp 
clients|[[:space:]]|\{#012|\}#012|;#012)+'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: bind update on 
[.[:digit:]]{7,15} got ack from dhcp-failover: xid mismatch\.$

--- End Message ---
--- Begin Message --- 
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 799...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
 logcheck   - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 
799304 809605 815114 815755 822165 825170
Changes:
 logcheck (1.3.18) unstable; urgency=medium
 .
   * src/logcheck:
     - fix check if rule files are unreadable, thanks to Simon Ruderich
       for the patch (closes: #418147)
   * src/logcheck-test:
     - make mktemp usage more portable
   * Makefile:
     - remove duplicate xargs option (thanks to Sander Bos)
   * ignore.d.server/dhcp:
     - match dhcpd PID (closes: #799041)
   * ignore.d.server/dhclient:
     - rewrite rules (LP: #1357880, closes: #809605)
   * ignore.d.server/ssh:
     - add generic preauth disconnect rule (closes: #775090)
     - adjust 'Bad protocol version identification' rule, thanks to
       Paul Brossier for the patch (closes: #703936)
     - allow new FingerprintHash format (closes: #799304)
     - match 'ED25519' key type, thanks to Ayke van Laethem for the patch
     - match more disconnect messages
   * ignore.d.server/su:
     - allow '.' and '_' in username (closes: #780441)
   * ignore.d.server/rsync:
     - allow comma as thousands separator (LP: #1476199)
   * ignore.d.workstation/wpasupplicant:
     - adjust CTRL-EVENT-CONNECTED rule
     - add another CTRL-EVENT-DISCONNECTED rule
     - adjust multiple rules to match added interface name
     - allow '.' in SSID
     - match 'SME: ' prefix in 'Trying to associate' message
     - match 'freq=', 'address=' and 'uuid=' wpa_action messages
     - match CTRL-EVENT-SUBNET-STATUS-UPDATE message
     - match predictable network interface names
   * violations.ignore.d/logcheck-sudo:
     - match 'GROUP=' field (closes: #815114)
   * ignore.d.server/bind:
     - match domain name in query message, thanks to Wojciech Nizinski
       for the patch
     - ignore DNSSEC rekeying (closes: #825170)
   * ignore.d.server/openvpn:
     - match arbitrary mtu sizes (closes: #815755)
   * ignore.d.server/snmpd:
     - match optional port (closes: #644886)
   * ignore.d.server/postfix:
     - remove obsolete rule (closes: #822165)
   * ignore.d.server/systemd-timesyncd: new
     - match 'interval/delta/delay/jitter/drift' message
   * ignore.d.server/kernel:
     - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger
        for the patch (closes: #797512)
   * ignore.d.server/systemd: new
     - add some generic rules (closes: #783633)
   * debian/control:
     - add alternate dependency on cron-daemon, thanks to Felix Zielcke for the
       patch (closes: #786815)
     - use secure Vcs-* fields
     - bump to Standards-Version 3.9.8 (no changes necessary)
   * debian/copyright: update copyright year to 2017
   * Remove obsolete debian/logcheck-database.postinst
   * Add support for logcheck.logfiles.d, thanks to Vincas Dargis for
     the initial patch (closes: #481353)
   * Replace all occurrences of 'deinstall' with 'uninstall', thanks to duelle
     for the patch
   * Remove references to 'logcheck.org'
Checksums-Sha1:
 d51fa82ab094c7273879512d3261ceab3f156640 1857 logcheck_1.3.18.dsc
 361aff6d593c4056ec9e8c9aa8195e6a2476b268 131252 logcheck_1.3.18.tar.xz
Checksums-Sha256:
 0c19c134f86dfea6c04dd71e33fb2cf056d41019f4029c42c4f60c5633605fcb 1857 
logcheck_1.3.18.dsc
 077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4 131252 
logcheck_1.3.18.tar.xz
Files:
 4e18e2b9a6f211403f5a4b86107a00ee 1857 admin optional logcheck_1.3.18.dsc
 0089dd02940b3789027ec37d4d19c8c0 131252 admin optional logcheck_1.3.18.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAliJF9oACgkQGO6GOGAi
71fmmQv/f6JkTqLtyqvNDYGUJ7Ovhtk3HnsDMCmeY/zWy7TvBOModS3AtWOU91Aj
i25mTB/ReW2W5U5Lis2v/n2iVOWBSNB6Z3uv0M50GpVE2hDHfY6YA57KAlEaeKv7
zyMMJf+nLa9a5Pz0IEtTgK5A08rTrmgyYo/q6We60XE2w5pWA3lA65to+aC2/Qr1
cHmBS/bc2nAc37DfZDqDROLS0/+VC7ziPyDqqQqxNOmkvRf8EAsivla90+pcdhmY
WmUi1ib6FX7su5rXKnJxhl9GMD5l4OSPRBE+JeO8rSeIo42Jxi85xxFyJ0Gwf79p
oJPEBq7EIES5JhuMFLfd+BdTa6B7SHfA6+xylv+lXhAUfldcNehM89cJHFL6VzNC
9QMJDoIz1l3pCikVo2Hx2xJXCX94MuaOvE2oLx9yU1Bztwx9aNhcQQiuSCUdeBsq
+8ok1DzpaqhNCckBLb1LiZF5zkqeOo36eHQkFOaVYsSlBUO/nirxcVmnPi0L1o/h
ZZ/i434i
=kISm
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel

Reply via email to