Bug 259458

Summary:	net-analyzer/fail2ban's named regex should test for views
Product:	Gentoo Linux	Reporter:	Romain Riviere <gentoo>
Component:	New packages	Assignee:	Gentoo Netmon project <netmon>
Status:	RESOLVED FIXED
Severity:	minor
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:	469950
Bug Blocks:
Attachments:	Proposed patch to add views to the named regex Named Views patch

Description Romain Riviere 2009-02-18 09:01:18 UTC

Example of a log line that is *not* parsed with the default named-refused.conf regex :
18-Feb-2009 00:44:03.010 client 62.109.4.89#9334: view external: query (cache) './NS/IN' denied

In order to catch these, perhaps the regex should be edited to read :

failregex = %(__line_prefix)sclient <HOST>#\S+: (view (internal|external):)? query(?: \(cache\))? '.*' denied\s*$

Reproducible: Always

Comment 1 Romain Riviere 2009-02-18 09:07:20 UTC

Created attachment 182402 [details, diff]
Proposed patch to add views to the named regex

Comment 2 Wormo (RETIRED) gentoo-dev

2009-02-19 01:23:03 UTC

Thanks for posting your fix, assigning to maintainers.

Comment 3 Romain Riviere 2009-02-20 14:34:03 UTC

Created attachment 182661 [details, diff]
Named Views patch

Typo in the previous patch : misplaced whitespace caused the regex not to match log lines without a view. That's fixed

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2013-06-06 16:34:56 UTC

  Romain Riviere
   * [0ac8746] Enhance named-refused filter for views.

Fixed in 0.8.9.