Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 259458 - net-analyzer/fail2ban's named regex should test for views
Summary: net-analyzer/fail2ban's named regex should test for views
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Netmon project
URL:
Whiteboard:
Keywords:
Depends on: 469950
Blocks:
  Show dependency tree
 
Reported: 2009-02-18 09:01 UTC by Romain Riviere
Modified: 2013-06-06 16:34 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Proposed patch to add views to the named regex (fail2ban_named-views.patch,585 bytes, patch)
2009-02-18 09:07 UTC, Romain Riviere 		Details | Diff
Named Views patch (fail2ban_named-views_bis.patch,585 bytes, patch)
2009-02-20 14:34 UTC, Romain Riviere 		Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Romain Riviere 2009-02-18 09:01:18 UTC 
Example of a log line that is *not* parsed with the default named-refused.conf regex :
18-Feb-2009 00:44:03.010 client 62.109.4.89#9334: view external: query (cache) './NS/IN' denied

In order to catch these, perhaps the regex should be edited to read :

failregex = %(__line_prefix)sclient <HOST>#\S+: (view (internal|external):)? query(?: \(cache\))? '.*' denied\s*$

Reproducible: Always
Comment 1 Romain Riviere 2009-02-18 09:07:20 UTC 
Created attachment 182402 [details, diff]
Proposed patch to add views to the named regex
Comment 2 Wormo (RETIRED) gentoo-dev 2009-02-19 01:23:03 UTC 
Thanks for posting your fix, assigning to maintainers.
Comment 3 Romain Riviere 2009-02-20 14:34:03 UTC 
Created attachment 182661 [details, diff]
Named Views patch

Typo in the previous patch : misplaced whitespace caused the regex not to match log lines without a view. That's fixed
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-06 16:34:56 UTC 
  Romain Riviere
   * [0ac8746] Enhance named-refused filter for views.

Fixed in 0.8.9.