<html><head></head><body><div style="font-family:times new roman, new york, times, serif;font-size:13px;"><div><div>Unfortunately, I do not have the luxury to perform any testing since we do not have any test switch setup and due to resources. I will be removing v3.14 and installing v3.5..</div><div><br></div><div>Just to be clear, I did receive the syslog messages into the directory where I want the logs to be at. The only issue is the $HOST not displaying correctly from my Switch's syslog. From what I can see, it looks like the $HOST displayed was from the first word of the received syslog message.</div><div><br></div><div class="ydpd0b202e4signature"><font face="arial"><div><font color="#00407f"><strong><font face="times new roman"><em><u><font face="arial">Joshua Lai</font></u> </em></font></strong></font></div></font></div></div>
<div><br></div><div><br></div>
<div id="ydp2e854136yahoo_quoted_6287853912" class="ydp2e854136yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, May 1, 2018, 5:45:10 PM PDT, Scheidler, Balázs <balazs.scheidler@balabit.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="ydp2e854136yiv9701544337"><div><div>Interesting that I saw this message the first time in your response, and not the original one.<div><br clear="none"></div><div>Anyhow, to understand the problem we would need an exact byte-by-byte representation of what syslog-ng is receiving from the switch together with the configuration that is used to process it. A tcpdump or an "Incoming message" from syslog debug outout should work.</div><div><br clear="none"></div><div>We haven't intentionally changed the syslog parser as far as I remember.</div></div><div class="ydp2e854136yiv9701544337yqt6920010710" id="ydp2e854136yiv9701544337yqt90364"><div class="ydp2e854136yiv9701544337gmail_extra"><br clear="none"><div class="ydp2e854136yiv9701544337gmail_quote">On May 1, 2018 22:50, "Clayton Dukes" <<a shape="rect" href="mailto:cdukes@logzilla.net" rel="nofollow" target="_blank">cdukes@logzilla.net</a>> wrote:<br clear="none"><blockquote class="ydp2e854136yiv9701544337gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-US">
<div class="ydp2e854136yiv9701544337m_-7649788740190382892WordSection1">
<p class="ydp2e854136yiv9701544337MsoNormal">Interesting! We’ve been getting a lot of support tickets for this very problem.<u></u><u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal">I can easily recreate the issue.<u></u><u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><u></u> <u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal">Balabit Team: is this a new bug?<u></u><u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><u></u> <u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><u></u> <u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><span style="font-size:12.0pt;"><u></u> <u></u></span></p>
<table class="ydp2e854136yiv9701544337m_-7649788740190382892MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="71%" style="width:71.0%;border-collapse:collapse;"><tbody><tr><td colspan="1" rowspan="1" valign="top" width="5%" style="width:5.0%;padding:0in 0in 0in 0in;">
<p class="ydp2e854136yiv9701544337MsoNormal"><b><span style="font-size:12.0pt;"><img id="ydp2e854136yiv9701544337m_-7649788740190382892Picture_x0020_4" width="56" height="180" style="width:.5833in;min-height:1.875in;" src="cid:LCa5S2o4eunxyD8sYKWG" alt="cid:image001.png@01D306E3.0FEBC990" data-inlineimagemanipulating="true" draggable="false"><u></u><u></u></span></b></p>
</td><td colspan="1" rowspan="1" valign="top" width="1%" style="width:1.06%;background:#f75f1c;padding:0in 0in 0in 0in;">
<p class="ydp2e854136yiv9701544337MsoNormal"><b><span style="font-size:12.0pt;"><u></u> <u></u></span></b></p>
</td><td colspan="1" rowspan="1" valign="top" width="80%" style="width:80.0%;padding:0in 5.4pt 0in 5.4pt;">
<p class="ydp2e854136yiv9701544337MsoNormal"><b><span style="font-size:12.0pt;">Clayton Dukes</span></b><span style="font-size:12.0pt;"><u></u><u></u></span></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><span style="font-size:12.0pt;">Founder & CEO<u></u><u></u></span></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><span style="font-size:12.0pt;">LogZilla Corporation<br clear="none">
<a shape="rect" href="https://maps.google.com/?q=2900+N.+Quinlan+Park+Rd&entry=gmail&source=g" rel="nofollow" target="_blank">2900 N. Quinlan Park Rd</a>, B240-341<br clear="none">
Austin, TX, 78732<u></u><u></u></span></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><span style="font-size:12.0pt;">Tel: 936-4NetOps (463-8677) <u></u><u></u></span></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><span style="font-size:12.0pt;">Web:
<a shape="rect" href="http://www.logzilla.net/" rel="nofollow" target="_blank"><span style="color:#afabab;">www.logzilla.net</span></a><u></u><u></u></span></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><a shape="rect" href="https://twitter.com/logzilla" rel="nofollow" target="_blank"><span style="font-size:12.0pt;"><img id="ydp2e854136yiv9701544337m_-7649788740190382892Picture_x0020_3" border="0" width="48" height="11" style="width:.5in;min-height:.1145in;" src="cid:LQpp5WtnvH8BtzXm36k9" alt="cid:image002.png@01D306E3.0FEBC990" data-inlineimagemanipulating="true" draggable="false"></span></a><a shape="rect" href="https://youtu.be/drg5wv_mgfA" rel="nofollow" target="_blank"><span style="font-size:12.0pt;"><img id="ydp2e854136yiv9701544337m_-7649788740190382892Picture_x0020_2" border="0" width="39" height="11" style="width:.4062in;min-height:.1145in;" src="cid:Mc3K64KwrdjboSSnYps1" alt="cid:image003.png@01D306E3.0FEBC990" data-inlineimagemanipulating="true" draggable="false"></span></a><a shape="rect" href="https://www.linkedin.com/in/lzcdukes/" rel="nofollow" target="_blank"><span style="font-size:12.0pt;"><img id="ydp2e854136yiv9701544337m_-7649788740190382892Picture_x0020_1" border="0" width="40" height="11" style="width:.4166in;min-height:.1145in;" src="cid:k5CmKSLaWP2ZAnYEefNS" alt="cid:image004.png@01D306E3.0FEBC990" data-inlineimagemanipulating="true" draggable="false"></span></a><span style="font-size:12.0pt;"><u></u><u></u></span></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><span style="font-size:12.0pt;"><u></u> <u></u></span></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><i><span style="font-size:12.0pt;">For NetOps, By NetOps!<u></u><u></u></span></i></p>
</td></tr></tbody></table>
<p class="ydp2e854136yiv9701544337MsoNormal"><u></u> <u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><u></u> <u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><u></u> <u></u></p>
<p class="ydp2e854136yiv9701544337MsoNormal"><u></u> <u></u></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in;">
<p class="ydp2e854136yiv9701544337MsoNormal"><b><span style="font-size:12.0pt;color:black;">From: </span></b><span style="font-size:12.0pt;color:black;">syslog-ng <<a shape="rect" href="mailto:syslog-ng-bounces@lists.balabit.hu" rel="nofollow" target="_blank">syslog-ng-bounces@lists. balabit.hu</a>> on behalf of Joshua <<a shape="rect" href="mailto:aces621@yahoo.com" rel="nofollow" target="_blank">aces621@yahoo.com</a>><br clear="none">
<b>Reply-To: </b>Joshua <<a shape="rect" href="mailto:aces621@yahoo.com" rel="nofollow" target="_blank">aces621@yahoo.com</a>>, Syslog-ng users' and developers' mailing list <<a shape="rect" href="mailto:syslog-ng@lists.balabit.hu" rel="nofollow" target="_blank">syslog-ng@lists.balabit.hu</a>><br clear="none">
<b>Date: </b>Monday, April 30, 2018 at 7:09 PM<br clear="none">
<b>To: </b>"<a shape="rect" href="mailto:syslog-ng@lists.balabit.hu" rel="nofollow" target="_blank">syslog-ng@lists.balabit.hu</a>" <<a shape="rect" href="mailto:syslog-ng@lists.balabit.hu" rel="nofollow" target="_blank">syslog-ng@lists.balabit.hu</a>><br clear="none">
<b>Subject: </b>[Suspected Spam] [syslog-ng] hostname not appearing correctly when receiving logs from switches<u></u><u></u></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><a shape="rect" name="m_-7649788740190382892__MailOriginalBody"><span style="font-size:10.0pt;">Hi All,<u></u><u></u></span></a></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;"><u></u> <u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;">I am pretty new to syslog-ng but do have some basic knowledge. I have deployed syslog-ng v3.14 on a newly deployed Linux server
because syslog-ng v3.5 is working very well on another syslog server. <u></u><u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;"><u></u> <u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;">On this new deployment, the syslogs received from most of the servers are able to show IP/host, however, the syslogs from our
switches contains IP/host showing as ":" (colons). I copied the current working custom build .conf from another syslog server into our new server. Can someone help me figure out what I am missing? It is working for some components but not for switches. I tested
the same switch by sending syslog to another syslog server and the hostname is appearing but just not appearing on the new syslog server. The only difference between the two server is that one uses v3.5 (the working one) and the other uses syslog-ng v3.14.<u></u><u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;"><u></u> <u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;">I have set: "keep_hostname (yes)" but it still doesn't work.<u></u><u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;"><u></u> <u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;">Can someone please help? Am I missing something here?<u></u><u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;"><u></u> <u></u></span></span></p>
</div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><span style="font-size:10.0pt;">Thanks<u></u><u></u></span></span></p>
</div>
<div>
<div>
<p class="ydp2e854136yiv9701544337MsoNormal"><span><em><b><u><span style="font-size:10.0pt;">Joshua Lai</span></u></b></em></span><span><em><b><span style="font-size:10.0pt;color:#00407f;"> </span></b></em></span><span></span><span style="font-size:10.0pt;"><u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote></div></div></div></div></div></div>
</div>
</div></div></body></html>