Hi, Thank you.
In case you are interrested, here's my patch for it. He keeps working with previous versions of /isc-dhcp-server/. Best regards,
--- logcheck-1.3.17/rulefiles/linux/ignore.d.server/dhcp 2014-10-25 00:01:52.000000000 +0200 +++ logcheck-1.3.17-patched/rulefiles/linux/ignore.d.server/dhcp 2015-10-05 17:57:39.000000000 +0200 @@ -1,48 +1,48 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Internet (Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Copyright [0-9-]+ Internet (Software|Systems) Consortium\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): All rights reserved\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): For info, please visit http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Wrote [0-9]+ (leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (BOOTREQUEST|DHCPDISCOVER) from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): BOOTREPLY (for|on) [.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): Internet (Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): Copyright [0-9-]+ Internet (Software|Systems) Consortium\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): All rights reserved\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): For info, please visit http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): Wrote [0-9]+ (leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): (BOOTREQUEST|DHCPDISCOVER) from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): BOOTREPLY (for|on) [.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|\[[[:digit:]]+\]|): DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$ #Added for dhcp 3 -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|<no client hardware address>)\) via [._[:alnum:]-]+)?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ((balancing|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own \(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: uid lease [.0-9]{7,15} for client [:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|<no client hardware address>)\) via [._[:alnum:]-]+)?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: ((balancing|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own \(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: uid lease [.0-9]{7,15} for client [:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$ # Dyndns support -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: removed reverse map on [._[:alnum:]-]+\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Can't update forward map [._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: removed reverse map on [._[:alnum:]-]+\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: Can't update forward map [._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$ # udhcpd support ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending OFFER of [.0-9]{7,15}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending ACK to [.0-9]{7,15}$ # These two rules match specifically for ddns_remove_a() -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN TXT "[[:alnum:]]+" rrset exists and [._[:alnum:]-]+ IN A [.0-9]{7,15} rrset exists delete [._[:alnum:]-]+ IN A [.0-9]{7,15}: success\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN A rrset doesn't exist delete [._[:alnum:]-]+ IN TXT "[[:alnum:]]+": success\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: if [._[:alnum:]-]+ IN TXT "[[:alnum:]]+" rrset exists and [._[:alnum:]-]+ IN A [.0-9]{7,15} rrset exists delete [._[:alnum:]-]+ IN A [.0-9]{7,15}: success\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: if [._[:alnum:]-]+ IN A rrset doesn't exist delete [._[:alnum:]-]+ IN TXT "[[:alnum:]]+": success\.$ # The preceding rules could be rewritten as follows to match most output from # print_dns_status(), also called for the expr_dns_transaction opcode. I'd # rather not proceed without hearing from someone using DDNS updates, though. -#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd:( (if|and|add|delete) [._[:alnum:]-]+ ([[:digit:]]+ )?IN ((A|PTR|MX|CNAME)( [._[:alnum:]-]+)?|TXT "[^"]*"|CNAME <keydata>)( (rrset|domain) (exists|doesn't exist))?)+: success\.$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Connecting to LDAP server [:_.[:alnum:]-]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: TLS session successfully started to [:_.[:alnum:]-]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Successfully logged into LDAP server [._[:alnum:]-]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: (Found dhcpServer LDAP entry|LDAP: Parsing dhcpServer options|LDAP: Parsing dhcpService DN|Found LDAP entry|Parsing external DNs for) '[%=.,_[:alnum:]-]+'( \.\.\.)?$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: (Searching|No host entry) for \(\&\(objectClass=dhcpHost\)\(dhcpHWAddress=ethernet [[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}\)\) in LDAP tree [=,.[:alnum:]]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Found dhcpHWAddress LDAP entry [-_=,.[:alnum:]]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Sending the following options: '(filename \"[.[:alnum:]]+\"|(fixed-address|next-server) [.[:digit:]]{7,15}|;#012)+'$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Sending config line '(allow booting|allow bootp|ddns-update-style (ad-hoc|interim|none)|(default|max|min)-lease-time [[:digit:]]+|authoritative|option domain-name "[._[:alnum:]-]+"|option domain-name-servers [._,[:alnum:][:space:]-]+|option subnet-mask [.[:digit:]]{7,15}|;#012)+'$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Sending config line '((subnet|netmask|option routers|option subnet-mask) [.[:digit:]]{7,15}|(default|max|min)-lease-time [[:digit:]]+|[[:space:]]|\{#012|\}#012|;#012)+'$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: Sending config line 'pool (range [.[:digit:]]{7,15} [.[:digit:]]+|(default|min|max)-lease-time [[:digit:]]+|failover peer "[-._[:alnum:]]+"|deny dynamic bootp clients|[[:space:]]|\{#012|\}#012|;#012)+'$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd: bind update on [.[:digit:]]{7,15} got ack from dhcp-failover: xid mismatch\.$ +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?:( (if|and|add|delete) [._[:alnum:]-]+ ([[:digit:]]+ )?IN ((A|PTR|MX|CNAME)( [._[:alnum:]-]+)?|TXT "[^"]*"|CNAME <keydata>)( (rrset|domain) (exists|doesn't exist))?)+: success\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: Connecting to LDAP server [:_.[:alnum:]-]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: TLS session successfully started to [:_.[:alnum:]-]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: Successfully logged into LDAP server [._[:alnum:]-]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: (Found dhcpServer LDAP entry|LDAP: Parsing dhcpServer options|LDAP: Parsing dhcpService DN|Found LDAP entry|Parsing external DNs for) '[%=.,_[:alnum:]-]+'( \.\.\.)?$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: (Searching|No host entry) for \(\&\(objectClass=dhcpHost\)\(dhcpHWAddress=ethernet [[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}\)\) in LDAP tree [=,.[:alnum:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: Found dhcpHWAddress LDAP entry [-_=,.[:alnum:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: Sending the following options: '(filename \"[.[:alnum:]]+\"|(fixed-address|next-server) [.[:digit:]]{7,15}|;#012)+'$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: Sending config line '(allow booting|allow bootp|ddns-update-style (ad-hoc|interim|none)|(default|max|min)-lease-time [[:digit:]]+|authoritative|option domain-name "[._[:alnum:]-]+"|option domain-name-servers [._,[:alnum:][:space:]-]+|option subnet-mask [.[:digit:]]{7,15}|;#012)+'$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: Sending config line '((subnet|netmask|option routers|option subnet-mask) [.[:digit:]]{7,15}|(default|max|min)-lease-time [[:digit:]]+|[[:space:]]|\{#012|\}#012|;#012)+'$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: Sending config line 'pool (range [.[:digit:]]{7,15} [.[:digit:]]+|(default|min|max)-lease-time [[:digit:]]+|failover peer "[-._[:alnum:]]+"|deny dynamic bootp clients|[[:space:]]|\{#012|\}#012|;#012)+'$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpd(\[[[:digit:]]+\])?: bind update on [.[:digit:]]{7,15} got ack from dhcp-failover: xid mismatch\.$
signature.asc
Description: OpenPGP digital signature