pC_unixunixnamedstrappnotificationlameserverresolving.md

September 29, 2025

Parser Content

{
# Parser definition for "lame server resolving" notifications written by the
# Unix `named` process. It extracts the reporting host, the queried name, the
# remote server address/port and the logging process into named fields.
# Each `({field}regex)` group below names the field that receives the match.
Name = unix-unixnamed-str-app-notification-lameserverresolving
  Vendor = Unix
  Product = Unix Named
  # Timestamp layout: year-month-day and 24-hour time.
  # NOTE(review): none of the Fields patterns below captures a {time} group,
  # so it is not visible here where the event timestamp comes from - confirm
  # it is not silently falling back to ingest time, which would skew timelines.
  TimeFormat = "yyyy-MM-dd HH:mm:ss"
  # Literal string a message must contain for this parser to apply
  # (presumably a plain substring match - verify against the parser engine).
  Conditions = [ """lame server resolving""" ]
  Fields = [
    # host: the non-whitespace token between an HH:mm:ss time and the literal
    # "named". The time digits are matched here but not captured.
    """\d\d:\d\d:\d\d ({host}\S+) named""",
    # dns_query: the text between single quotes after "lame server resolving"
    # (lazy match, stops at the first closing quote).
    # NOTE(review): this value presumably originates from DNS traffic, so
    # downstream rules and dashboards should treat it as untrusted text.
    """lame server resolving \'({dns_query}[^']+?)\'""", # name_server is removed
    # event_name: always the constant phrase itself.
    """({event_name}lame server resolving)""",
    # dest_ip / dest_port: the address that follows a colon and whitespace,
    # optionally followed by "#" and a numeric port.
    # Second alternative: dotted-quad IPv4 with each octet limited to 0-255.
    # First alternative: a permissive IPv6-style shape (up to 4 hex-or-dot
    # characters, then one or two colons, repeated 1-7 times); it does not
    # validate the address, so dest_ip can hold strings that are not valid IPs.
    # NOTE(review): this element has no trailing comma, unlike the ones above.
    # HOCON accepts a newline as an array separator; confirm the loader in use
    # does too, otherwise the next pattern may be concatenated or rejected.
    """:\s+({dest_ip}((([0-9a-fA-F.]{0,4}):{1,2}){1,7}([0-9a-fA-F]){0,4})|(((25[0-5]|(2[0-4]|1\d|[0-9]|)\d)\.?\b){4}))(#?({dest_port}\d+))?"""
    # process_name / process_id: the "name[pid]:" tag preceded by whitespace.
    """\s+({process_name}\S+)\[({process_id}\d+)\]\:\s*"""
  ]
  ParserVersion = "v1.0.0"


}