Example of a log line that is *not* parsed with the default named-refused.conf regex : 18-Feb-2009 00:44:03.010 client 62.109.4.89#9334: view external: query (cache) './NS/IN' denied In order to catch these, perhaps the regex should be edited to read : failregex = %(__line_prefix)sclient <HOST>#\S+: (view (internal|external):)? query(?: \(cache\))? '.*' denied\s*$ Reproducible: Always
Created attachment 182402 [details, diff] Proposed patch to add views to the named regex
Thanks for posting your fix, assigning to maintainers.
Created attachment 182661 [details, diff] Named Views patch Typo in the previous patch : misplaced whitespace caused the regex not to match log lines without a view. That's fixed
Romain Riviere * [0ac8746] Enhance named-refused filter for views. Fixed in 0.8.9.