<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Webdings;
panose-1:5 3 1 2 1 5 9 6 7 3;}
@font-face
{font-family:"Comic Sans MS";
panose-1:3 15 7 2 3 3 2 2 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:TKTypeRegular;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"Preformattato HTML Carattere";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.PreformattatoHTMLCarattere
{mso-style-name:"Preformattato HTML Carattere";
mso-style-priority:99;
mso-style-link:"Preformattato HTML";
font-family:Consolas;
mso-fareast-language:IT;}
p.gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph, li.gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph, div.gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph
{mso-style-name:gmail-m_7164147658391925482gmail-m4058230334373719609msolistparagraph;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.StileMessaggioDiPostaElettronica20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:140196395;
mso-list-type:hybrid;
mso-list-template-ids:-960170598 1015964752 68157443 68157445 68157441 68157443 68157445 68157441 68157443 68157445;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="IT" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Dear Jànos<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thank you for you answer.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In this moment syslog-ng is up and running, with the “rebel” network devices logging on the original NIC.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Anyway I’m going to send you what you need as attachment.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In ipaddr.txt I changed the IP of the card, for security reason; UDP “rebel” devices are logging on ens32 while they should log (and they logged
before network services restart) on ens35. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Cheers.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-GB" style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:navy">Francesco Vincenti</span></b><b><span lang="EN-GB" style="color:navy"> <br>
</span></b><b><span lang="EN-GB" style="font-size:8.0pt;font-family:"Calibri","sans-serif";color:navy">RHCSA Area Data Center Open Source, Quality and Security</span></b><span lang="EN-GB" style="font-size:8.0pt;font-family:"Calibri","sans-serif";color:navy"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:9.0pt;font-family:"Calibri","sans-serif";color:navy">Aspasiel
</span><span lang="EN-US" style="font-size:9.0pt;font-family:"Cambria","serif";color:navy">Divisione</span><span lang="EN-US" style="font-size:9.0pt;font-family:"Cambria","serif";color:#333399"> della Società</span><span lang="EN-US" style="font-size:8.0pt;color:#333399"><br>
</span><span lang="EN-US" style="font-size:9.0pt;font-family:"Calibri","sans-serif";color:#333399">Acciai
</span><span style="font-size:9.0pt;font-family:"Calibri","sans-serif";color:#333399">Speciali Terni S.p.A. con Unico Socio</span><span style="font-size:8.0pt;color:navy"><br>
</span><span style="font-size:9.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Strada di Pentima, 3 – 05100 Terni</span><span style="font-size:8.0pt;font-family:TKTypeRegular;color:#1F497D">
</span><span style="font-size:8.0pt;font-family:TKTypeRegular;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Calibri","sans-serif";color:navy"><a href="mailto:francesco.vincenti@acciaiterni.it">francesco.vincenti@acciaiterni.it</a><br>
</span><u><span style="font-size:8.0pt;font-family:"Calibri","sans-serif";color:blue"><a href="http://www.aspasiel.it/">www.aspasiel.it</a></span></u><span style="font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Ufficio: +39 0744 203224<br>
Fax: +39 0744 203444</span><span style="font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Segoe UI","sans-serif"">Da:</span></b><span style="font-size:10.0pt;font-family:"Segoe UI","sans-serif""> syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu]
<b>Per conto di </b>SZIGETVÁRI János<br>
<b>Inviato:</b> venerdì 28 luglio 2017 15:27<br>
<b>A:</b> Syslog-ng users' and developers' mailing list<br>
<b>Oggetto:</b> Re: [syslog-ng] UDP devices stop logging after network services restart.<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Dear Francesco,<o:p></o:p></p>
</div>
<p class="MsoNormal">To rule out the possiblity of losing UDP logs, I would ask you to share the output of the following commands:<o:p></o:p></p>
</div>
<div>
<pre># cat /proc/net/udp<o:p></o:p></pre>
<pre># netstat -su<o:p></o:p></pre>
<pre># sysctl net.core.rmem_max<o:p></o:p></pre>
<pre># ps auxfw<o:p></o:p></pre>
<pre># top<o:p></o:p></pre>
<pre># lspci<o:p></o:p></pre>
<pre># /usr/sbin/syslog-ng --preprocess-into ~/syslog-ng.pp.conf<br># ip addr show<o:p></o:p></pre>
</div>
<p class="MsoNormal">Furthermore, you may find further useful information about sizing UDP buffers and other best practice infomation here:<br>
<a href="https://www.balabit.com/documents/syslog-ng-pe-6.0-guides/en/syslog-ng-tutorial-udp-source/html-single/index.html">https://www.balabit.com/documents/syslog-ng-pe-6.0-guides/en/syslog-ng-tutorial-udp-source/html-single/index.html</a><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Another useful infomation is that the net.core.rmem_max kernel parameter has to be at least the double of so-rcvbuf() setting. See man 7 socket for further information.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">In higher traffic UDP logging scenarios 256 MB for the rmem_max, and 128 MB for so-rcvbuf() might be useful.<o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Please share the above information with us so that we can get a better picture of your setup.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Thank you!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">János<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Janos SZIGETVARI<br>
RHCE, License no. <a href="https://www.redhat.com/rhtapps/verify/?certId=150-053-692" target="_blank">
150-053-692</a><br>
<br>
__@__˚V˚<br>
Make the switch to open (source) applications, protocols, formats now:<br>
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice<br>
- msn -> jabber protocol (Pidgin, Google Talk)<br>
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2017-07-27 8:50 GMT+02:00 Vincenti Francesco <<a href="mailto:Francesco.Vincenti@acciaiterni.it" target="_blank">Francesco.Vincenti@acciaiterni.it</a>>:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Hello</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I have syslog-ng 3.7 installed on a CentOS7 Server with 4G RAM and 4 CPU.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">The server is receiving logs from almost 300 devices, either network devices (UDP) and servers (TCP).
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">The problem I have is the following: to reduce incoming traffic on initial two NICs I added two more NICs to the server, where I sent some UDP devices and it
worked immediately, without any issue. </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">But when I restarted network services (systemctl restart network) the devices stopped to log, they restarted only after I resent them to the initial NIC, without
any other action on syslog-ng server. </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">When I started syslog-ng in debug mode to verify this behavior I saw that these devices ARE NOT considered by syslog-ng at all, they are not present in logs generated
by debug, but they REACH the server (tcpdump shows them entering). </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I'm getting mad about this issue, any suggestion will be welcome.
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> Following my configuration files:</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">-</span><span lang="EN-US" style="font-size:7.0pt">
</span><span lang="EN-US" style="background:yellow">/etc/syslog-ng/syslog-ng.conf</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"># Note: it also sources additional configuration files (*.conf)</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"># located in /etc/syslog-ng/conf.d/</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">options {</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> flush_lines (0);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> time_reopen (10);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> log_fifo_size (1000);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> chain_hostnames (off);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> use_dns (persist_only);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> dns-cache-hosts(/etc/hosts);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> use_fqdn (no);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> create_dirs (yes);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> keep_hostname (yes);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> owner ("1007");</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> group ("1007");</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> dir_owner ("1007");</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> dir_group ("1007");</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> dir_perm (0750);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">};</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">source s_sys {</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> system();</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> internal();</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> # udp(ip(0.0.0.0) port(514));</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">};</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_cons { file("/dev/console"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_mesg { file("/var/log/messages"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_auth { file("/var/log/secure"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_mail { file("/var/log/maillog" flush_lines(10)); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_spol { file("/var/log/spooler"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_boot { file("/var/log/boot.log"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_cron { file("/var/log/cron"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_kern { file("/var/log/kern"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_mlal { usertty("*"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_auth_loc { network ("127.0.0.1" port (601) ); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_kernel { facility(kern); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_default { level(info..emerg) and</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> not (facility(mail)</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> or facility(authpriv)</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> or facility(cron)); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_auth { facility(authpriv); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_mail { facility(mail); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_emergency { level(emerg); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_news { facility(uucp) or</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> (facility(news)</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> and level(crit..emerg)); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_boot { facility(local7); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_cron { facility(cron); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">#log { source(s_sys); filter(f_kernel); destination(d_cons); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_sys); filter(f_kernel); destination(d_kern); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_sys); filter(f_default); destination(d_mesg); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_sys); filter(f_auth); destination(d_auth); destination(d_auth_loc); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_sys); filter(f_mail); destination(d_mail); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_sys); filter(f_emergency); destination(d_mlal); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_sys); filter(f_news); destination(d_spol); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_sys); filter(f_boot); destination(d_boot); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_sys); filter(f_cron); destination(d_cron); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"># Source additional configuration files (.conf extension only)</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">@include "/etc/syslog-ng/conf.d/*.conf"</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"># vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:<o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"> <o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">-</span><span lang="EN-US" style="font-size:7.0pt">
</span><span lang="EN-US" style="background:yellow">/etc/syslog-ng/conf.d/network_dev.conf</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">source s_network_appa</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">{</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> network ( ip(0.0.0.0) port (514) transport ("udp") so-rcvbuf (4096000) );</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">};</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"># Destinazioni</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_network_udp { file("/var/log/syslog-ng/APPARATI/${YEAR}${MONTH}${DAY}/${HOST}/${YEAR}${MONTH}${DAY}_hh${HOUR}_${HOST}" create_dirs(yes) dir_perm(0755)
perm(0755) ) ; };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">filter f_appa_rete { not host ("SymantecServer") and not host ("part8") and not host ("parti") and not host ("partd") and not host ("part1") and not host ("parte")
and not host ("part10") and not host ("part11") and not host ("part12") and not host ("part3") and not host ("part6") and not host ("part8") and not host ("part9") and not host ("parta") and not host ("partc") and not host ("partd") and not host ("partf")
and not host ("partg") and not host ("parth") and not host ("partn") and not host ("parto") and not host ("<a href="http://SLITES8736.sercom.aspasiel.it" target="_blank">SLITES8736.sercom.aspasiel.it</a>") and not host ("172.23.112.47") and not host ("<a href="http://SLITES4557.sercom.aspasiel.it" target="_blank">SLITES4557.sercom.aspasiel.it</a>")
and not host ("172.23.X.Y") and not host ("<a href="http://SLITES4558.sercom.aspasiel.it" target="_blank">SLITES4558.sercom.aspasiel.it</a>") and not host ("172.23.X.Y") and not host ("<a href="http://SLITES4559.sercom.aspasiel.it" target="_blank">SLITES4559.sercom.aspasiel.it</a>")
and not host ("172.23.X.Y") and not host ("<a href="http://SLITES4560.sercom.aspasiel.it" target="_blank">SLITES4560.sercom.aspasiel.it</a>") and not host ("172.23.X.Y") and not host ("<a href="http://SLITES8731.sercom.aspasiel.it" target="_blank">SLITES8731.sercom.aspasiel.it</a>")
and not host ("172.23.X.Y") and not host ("<a href="http://SLITES8732.sercom.aspasiel.it" target="_blank">SLITES8732.sercom.aspasiel.it</a>") and not host ("172.23.X.Y") and not host ("<a href="http://SLITES8733.sercom.aspasiel.it" target="_blank">SLITES8733.sercom.aspasiel.it</a>")
and not host ("172.23.X.Y") and not host ("<a href="http://SLITES8734.sercom.aspasiel.it" target="_blank">SLITES8734.sercom.aspasiel.it</a>") and not host ("172.23.X.Y") and not host ("<a href="http://SLITES8735.sercom.aspasiel.it" target="_blank">SLITES8735.sercom.aspasiel.it</a>")
and not host ("172.23.X.Y") and not host ("slitdd2727"); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_network_appa); filter(f_appa_rete); destination(d_network_udp); };</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">-</span><span lang="EN-US" style="font-size:7.0pt">
</span><span lang="EN-US" style="background:yellow">/etc/syslog-ng/conf.d/server_TCP.conf</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">source s_server_sop</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">{</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> network ( ip(0.0.0.0) port(601) transport("tcp") max-connections(200) log_fetch_limit(100) log_iw_size(20000) );</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">};</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">destination d_server_sop</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">{</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> file("/var/log/syslog-ng/SERVER/${YEAR}${MONTH}${DAY}/${HOST}/${YEAR}${MONTH}${DAY}_hh${HOUR}_${HOST}" create_dirs(yes) dir_perm(0755) perm(0755) flush_lines(100)
);</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">};</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US"># Indirizzo le destinazioni.</span><o:p></o:p></p>
<p class="gmail-m7164147658391925482gmail-m4058230334373719609msolistparagraph"><span lang="EN-US">log { source(s_server_sop); destination(d_server_sop); flags(flow-control); };</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I changed the following kernel parameters as follow:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">net.core.rmem_max = 4096000</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">net.core.wmem_max = 4096000</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Thanks in advance</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-GB" style="font-size:10.0pt;color:navy">Francesco Vincenti</span></b><b><span lang="EN-GB" style="color:navy"> <br>
</span></b><b><span lang="EN-GB" style="font-size:8.0pt;color:navy">RHCSA Area Data Center Open Source, Quality and Security</span></b><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;color:navy">Aspasiel
</span><span style="font-size:9.0pt;font-family:"Cambria","serif";color:navy">Divisione</span><span style="font-size:9.0pt;font-family:"Cambria","serif";color:#333399"> della Società</span><span style="font-size:8.0pt;color:#333399"><br>
</span><span style="font-size:9.0pt;color:#333399">Acciai Speciali Terni S.p.A. con Unico Socio</span><span style="font-size:8.0pt;color:navy"><br>
</span><span style="font-size:9.0pt;color:#1F497D">Strada di Pentima, 3 – 05100 Terni</span><span style="font-size:8.0pt;color:#1F497D">
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;color:navy"><a href="mailto:francesco.vincenti@acciaiterni.it" target="_blank">francesco.vincenti@acciaiterni.it</a><br>
</span><u><span style="font-size:8.0pt;color:blue"><a href="http://www.aspasiel.it/" target="_blank">www.aspasiel.it</a></span></u><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:8.0pt;color:#1F497D">Ufficio: <a href="tel:+39%200744%20203224" target="_blank">+39 0744 203224</a><br>
Fax: <a href="tel:+39%200744%20203444" target="_blank">+39 0744 203444</a></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto"><span lang="EN-US" style="font-size:10.0pt">This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient
or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify
the error at the following email address: </span><a href="mailto:helpdesk@aspasiel.it" target="_blank"><span lang="EN-US" style="font-size:10.0pt">helpdesk@aspasiel.it</span></a><span lang="EN-US" style="font-size:10.0pt"> or at Aspasiel Helpdesk Team by phone
(phone number <a href="tel:+39%200744%20203555" target="_blank">+390744203555</a>), and then delete this message from your system.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" style="font-size:22.0pt;font-family:Webdings;color:green">P
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Comic Sans MS";color:green">Please consider our environment and think before you print. Thank you!</span><span lang="EN-GB" style="color:blue">
</span><span lang="EN-GB" style="font-size:22.0pt;font-family:Webdings;color:green">q</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<meta name="Generator" content="Microsoft Word 15 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:TKTypeRegular;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Webdings;
panose-1:5 3 1 2 1 5 9 6 7 3;}
@font-face
{font-family:"Comic Sans MS";
panose-1:3 15 7 2 3 3 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0cm;
margin-right:0cm;
margin-bottom:10.0pt;
margin-left:0cm;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{margin-right:0cm;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
.MsoChpDefault
{font-family:"Calibri","sans-serif";}
.MsoPapDefault
{margin-bottom:10.0pt;
line-height:115%;}
@page WordSection1
{size:595.3pt 841.9pt;
margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:
normal">
<span lang="EN-US" style="font-size:10.0pt;font-family:"TKTypeRegular","serif"">This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent
responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the error at
the following email address: </span><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><a href="mailto:helpdesk@aspasiel.it"><span lang="EN-US" style="font-size:10.0pt;
font-family:"TKTypeRegular","serif"">helpdesk@aspasiel.it</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"TKTypeRegular","serif"">
or at Aspasiel Helpdesk Team by phone (phone number +390744203555), and then delete this message from your system.</span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:22.0pt;line-height:115%;
font-family:Webdings;color:green">P
</span><span lang="EN-GB" style="font-size:
10.0pt;line-height:115%;font-family:"Comic Sans MS";color:green">Please consider our environment and think before you print. Thank you!</span><span lang="EN-GB" style="font-size:12.0pt;line-height:115%;font-family:"Times New Roman","serif";
color:blue">
</span><span lang="EN-GB" style="font-size:22.0pt;line-height:115%;
font-family:Webdings;color:green">q</span></p>
</div>
</body>
</html>