[Dnscheck-dev] Filter not working

Calle Dybedahl calle at init.se
Wed Jan 29 08:14:59 UTC 2014


On 28 jan 2014, at 14:54, Anand Buddhdev <anandb at ripe.net> wrote:

> filters:
>  'NAMESERVER:NOT_AUTH':
>    - args:
>        - ns.ripe.net
>      level: WARNING
>  'DNS:SOA_SERVFAIL':
>    - args:
>        - 193.0.9.6
>        - 2001:67c:e0:0:0:0:0:6
>      level: WARNING

Right. Two-part problem here. One is insufficient documentation of the filter functionality. The idea is that under each tag there is a list of hashes with the keys “args” and “level”. Each “args” should be a list of arguments, all of which have to match with an incoming message for the “level” to be applied. So to get the effect you’re after here, that SOA_SERVFAIL messages given with either of the two IP addresses be downgraded to WARNING, the filter spec should look like…

filters:
  'NAMESERVER:NOT_AUTH':
    - args:
        - 'ns.ripe.net'
        - '193.0.9.6'
      level: 'WARNING'
  'DNS:SOA_SERVFAIL':
    - args:
        - '193.0.9.6'
      level: 'WARNING'
    - args:
        - '2001:67c:e0:0:0:0:0:6'
      level: 'WARNING'

However, it also turns out that the code that implements this is buggy and only applies the first rule under each tag. So as of version 1.6.0 you can’t actually do what you’re trying to do. I’ll tag 1.6.1 with a fix for this and a couple more things (including the List::MoreUtils version dependency) towards the end of today.

-- 
Calle Dybedahl
calle at init.se -*- +46 703 - 970 612



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.iis.se/pipermail/dnscheck-dev/attachments/20140129/c5347b60/attachment.html>


More information about the Dnscheck-dev mailing list