csf.logignore is not applied
Posted: 29 Sep 2024, 15:54
I have hourly Log Scanner Report enabled, however they are flooded with messages like this snippet:
I do have the added to the /etc/csf/csf.logignore and applied the change by csf -ra but it didn't remove the lines as mentioned above.
What am I doing wrong and how can I convince lfd to ignore these messages? My regexp seem to be correct, I have checked it manually.
Code: Select all
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f2130057918 45.148.10.248#6967 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f2128012e68 45.148.10.248#11681 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f2139636318 45.148.10.248#17255 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f21283536d8 45.148.10.248#30987 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f2138989428 45.148.10.248#20839 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f213898a5b8 45.148.10.248#11465 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f212c05e4a8 45.148.10.248#8399 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f21302099e8 45.148.10.248#7153 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f212c319538 45.148.10.248#26487 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:52:53 REDACTED named[3950954]: client @0x7f212c35d568 45.148.10.248#27491 (ccb.gov): query (cache) 'ccb.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f21302099e8 45.148.10.248#23951 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f21283536d8 45.148.10.248#12095 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f2130057918 45.148.10.248#13013 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f213898a5b8 45.148.10.248#14137 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f212c35d568 45.148.10.248#5973 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f212c319538 45.148.10.248#27263 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f212c05e4a8 45.148.10.248#19767 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f212c01a7b8 45.148.10.248#18307 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f212c015738 45.148.10.248#24731 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:55:04 REDACTED named[3950954]: client @0x7f212c01d658 45.148.10.248#6193 (crs.gov): query (cache) 'crs.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f213898a5b8 45.148.10.248#6821 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f212c01d658 45.148.10.248#2173 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f2138989428 45.148.10.248#29789 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f212c015738 45.148.10.248#19151 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f2139636318 45.148.10.248#7413 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f21283536d8 45.148.10.248#10347 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f2128012e68 45.148.10.248#31659 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f21284fe328 45.148.10.248#12187 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f2130057918 45.148.10.248#24945 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:57:27 REDACTED named[3950954]: client @0x7f21284fe328 45.148.10.248#7377 (lis.gov): query (cache) 'lis.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f21284fe328 45.148.10.248#13513 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f2128012e68 45.148.10.248#16889 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f21283536d8 45.148.10.248#22195 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f2130057918 45.148.10.248#12679 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f2139636318 45.148.10.248#32031 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f212c015738 45.148.10.248#22209 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f212c01d658 45.148.10.248#10997 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f212c01a7b8 45.148.10.248#11405 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f212c05e4a8 45.148.10.248#13779 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Sep 28 11:59:50 REDACTED named[3950954]: client @0x7f212c319538 45.148.10.248#30539 (law.gov): query (cache) 'law.gov/ANY/IN' denied
Code: Select all
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client \@0x[\da-f]+ [\d+\.]+\u0023\d+ \([\w\.]+\): query \(cache\) '[\w\.]+\/\w+\/IN' denied
What am I doing wrong and how can I convince lfd to ignore these messages? My regexp seem to be correct, I have checked it manually.