<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">We are using syslog-ng-3.4.0alpha2 binary and trying to run the syslog-ng server configuration file, but its not starting the syslog ng server.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">We are getting the following error incase of f__nonconsole_access filter when we ran the syslog-ng binary in debug mode.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:red">Filter rule evaluation result; result='match', rule='f_nonconsole_access', location='/ne_data/conf/syslogng/syslog-ng_server.conf:58:29'<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:red">**<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:red">ERROR:logmsg.c:535:log_msg_set_value_indirect: assertion failed: (!log_msg_is_write_protected(self))<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:red">Abort (core dumped)<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">PFA the debug.log<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">The server conf is having the following line for the above mentioned filter,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:#4F6228">template ltemgr_msg_template { template("$S_ISODATE $HOST $FACILITY_NUM/$LEVEL_NUM $MSG\n"); };<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">#To strip of the msg_id introduced by syslogd<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">rewrite rw_msg{subst("\\[.*\\]", "", value("MESSAGE"));};<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">source s_LTEMGR_SYSLOG_CLIENTS{ tcp (ip (27.132.98.69) port(6515) max-connections(4)<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"> tls(<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"> key_file("/ne_data/conf/certificates/MOCM/MOCM_key.pem")<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"> cert_file("/ne_data/conf/certificates/MOCM/MOCM_SB_server.pem")<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"> ca_dir("/ne_data/conf/certificates/SYSLOGNG")<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"> cipher_suite("ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2")<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"> peer_verify(optional-untrusted)<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"> )<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"> );<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">};<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">…….<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">destination d_ltemgr_nonconsoleaccess_log {file("/ne_data/syslog/ems" perm(0644) template(ltemgr_msg_template)); };<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">……<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">filter f_nonconsole_access { level(info..notice) and facility(auth) and ( match("Accepted password for" value("MESSAGE")) or match("Failed password for" value("MESSAGE")) ); };<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">…..<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:#4F6228">log { source(s_LTEMGR_SYSLOG_CLIENTS); filter(f_nonconsole_access); rewrite(rw_msg); destination(d_ltemgr_nonconsoleaccess_log); };<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="color:red"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D">Without debug mode, we were able to run the server but central logging is not happening when tried with logger command.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Anju<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<P><strong><span style='font-size:10.0pt;font-family:
"Palatino Linotype","serif";color:green'> Please do not print this email unless it is absolutely necessary. </span></strong><span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
<p> The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. </p>
<p>WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. </p>
<p>
www.wipro.com
</p>
</body>
</html>