<div dir="ltr">Hello,<div><br></div><div>Sorry to keep you hanging there. You could use *template* to get any kind of format you want, but for syslog there is also a flags option. Simply udp6( ... flags(syslog-protocol)); should be the same as syslog(...);</div><div><br></div><div>--</div><div>Kokan</div></div><br>
<div class="gmail_quote"><div dir="ltr">On Sat, Sep 29, 2018 at 3:16 AM venkateswarlu vinjamuri &lt;<a href="mailto:venkates.vin@gmail.com">venkates.vin@gmail.com</a>&gt; wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi Kokan,</div><div>Could you please let me know the info for my previous email?</div><div><br></div><div>Regards,<br>V/<br></div></div><br>
<div class="gmail_quote"><div dir="ltr">On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu vinjamuri &lt;<a href="mailto:venkates.vin@gmail.com" target="_blank">venkates.vin@gmail.com</a>&gt; wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">
<div>Thanks for your reply,</div><div><br></div>
<div>For <b>non RFC-5424</b> format, the IPV6 config is as below and is working fine with syslog-ng-3.3.7 version:</div>
<div><b>destination df_remote_0 {<font style="background-color:rgb(255,255,0)">udp6</font>("::1");};</b></div>
<div>Hence we tried with the below config for RFC-5424 with IPV6:</div>
<div><b>destination df_remote_0 {syslog("::1" transport("<font style="background-color:rgb(255,255,0)">udp6</font>"));};</b> and you mentioned there is no such protocol, which I agree with.<br></div>
<div><br></div>
<div>To let you know, we have installed the latest version of syslog-ng and the configuration mentioned by you as below is working.</div>
<div><b>destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};</b></div>
<div>But this same config is not working in syslog-ng-3.3.7 version with RFC-5424 format and IPV6.</div>
<div><br></div>
<div>My question is:</div>
<div><b>In syslog-ng-3.3.7 version, is RFC-5424 format supported with IPV6?</b></div>
<div><b>If so, could you please share the config?</b></div>
<div><br></div>
<div>Please share your inputs for the version syslog-ng-3.3.7.</div>
<div><br></div>
<div>Thanks &amp; Regards,</div><div>V/</div></div></div></div></div></div><br>
<div class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai &lt;<a href="mailto:peter.kokai@oneidentity.com" target="_blank">peter.kokai@oneidentity.com</a>&gt; wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I do not really have 3.3.7 version at my hand, so I did not really dig in if that version supports or not. Well it seems it is from v3.4.1, for this option you have to update at least to that.</div><div><br></div><div>I do not see a reason why it won't work, and you could use stuff like system() source.</div><div><br></div><div>--</div><div>Kokan</div></div><br>
<div class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri &lt;<a href="mailto:venkates.vin@gmail.com" target="_blank">venkates.vin@gmail.com</a>&gt; wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr">
<div>Thanks Kokan for your reply,</div><div><br></div>
<div>I am getting the below error after making the change as you suggested</div>
<div><b>destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};</b></div>
<div><br></div>
<div>Error:</div><div>=====</div>
<div>Error parsing afsocket, inner-dest plugin ip-protocol not found in /etc/syslog-ng/syslog-ng.conf at line 45, column 78:</div>
<div>destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};<br> ^^^^^^^^^^^<br>Please suggest.</div>
<div><br></div><div>Regards,</div><div>V/</div></div></div></div><br>
<div class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai &lt;<a href="mailto:peter.kokai@oneidentity.com" target="_blank">peter.kokai@oneidentity.com</a>&gt; wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<br><br>The error message lists the correct transport methods: *please use one of udp, tcp, or tls;* <br><div>There is no such option udp6, you could specify ipv6 via ip-protocol(4/6)</div><div><br></div><div>All together syslog("::1" transport("udp") ip-protocol(6)); should work.</div><div><br></div><div>--</div><div>Kokan</div></div><br>
<div class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri &lt;<a href="mailto:venkates.vin@gmail.com" target="_blank">venkates.vin@gmail.com</a>&gt; wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">
<div>Hi,</div><div><br></div>
<div><b>Issue</b>: syslog-ng is not starting if we configure IPV6 IP along with RFC-5424 format</div>
<div>Using below command to run syslog-ng:</div>
<div>/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p /var/syslog-ng.pid</div>
<div><br></div>
<div>Getting the below error:</div>
<div>------------------------------</div>
<div><b>syslog-ng: Error changing to <br>Unknown syslog transport specified, please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'</b></div>
<div><br></div>
<div>Could anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.</div>
<div><br></div>
<div>We are using syslog-ng-3.3.7 version.</div>
<div><br></div>
<div><b>If the below configuration is correct, will it work if we upgrade to newer version with the below configuration?</b><br></div>
<div><br></div>
<div>I am using the below configuration in syslog-ng.conf:</div>
<div>========================================</div>
<div>options {<br> stats_freq (0);<br> flush_lines (0);<br> time_reopen (10);<br> log_fifo_size (10000);<br> chain_hostnames (off);<br> use_dns (no);<br> create_dirs (no);<br> keep_hostname (no);<br> perm(0640);<br> group("root");<br>};<br><br></div>
<div># sources<br>source s_all {<br> internal();<br> unix-stream("/dev/log");<br> file("/proc/kmsg" program_override("kernel: "));<br>};<br><br></div>
<div>filter f_remote { facility(local7); };<br></div>
<div>destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" transport("udp6"));};<br>log { source(s_all); filter(f_remote); destination(df_remote_0); };</div>
<div><br></div>
<div>Please help if there is any issue in the above configuration?</div>
<div><br></div><div>Regards,</div><div>V/</div></div></div></div></div></div></div></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
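<div>Added example, not part of the original thread and not syslog-ng code: a Python check that tells whether a datagram sent by a destination such as udp6( ... flags(syslog-protocol)) or syslog("::1" transport("udp") ip-protocol(6)) is in RFC 5424 or legacy BSD format, and which facility it carries. The listener port 5514, the function names and the sample payloads are assumptions constructed for illustration.</div>

```python
import re
import socket

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424_RE = re.compile(
    rb"^<(\d{1,3})>([1-9]\d?) "
    rb"(-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?(?:Z|[+-]\d\d:\d\d)) "
    rb"(\S{1,255}) (\S{1,48}) (\S{1,128}) (\S{1,32}) "
    rb"(-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: |$)"
)
# Legacy BSD syslog (RFC 3164): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164_RE = re.compile(rb"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
FACILITY_LOCAL7 = 23  # the facility selected by the thread's f_remote filter


def classify(datagram):
    """Return (format, facility, severity) for one syslog UDP payload."""
    for name, pattern in (("rfc5424", RFC5424_RE), ("rfc3164", RFC3164_RE)):
        m = pattern.match(datagram)
        if m:
            pri = int(m.group(1))
            if pri <= 191:  # highest valid PRI: facility 23, severity 7
                return name, pri >> 3, pri & 7
    return "unknown", None, None


def listen(host="::1", port=5514, count=5):
    """Receive `count` datagrams on an IPv6 UDP socket and classify each.

    Port 5514 is an assumed unprivileged test port, not one from the thread.
    """
    results = []
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        for _ in range(count):
            data, _peer = sock.recvfrom(65535)
            results.append(classify(data))
    return results


# Constructed sample payloads, not captured from a real syslog-ng instance.
SAMPLES = [
    b"<190>1 2018-09-29T03:16:00+02:00 host1 app 1234 - - test message",
    b"<190>Sep 29 03:16:00 host1 app[1234]: test message",
    b"not a syslog message",
]

if __name__ == "__main__":
    for payload in SAMPLES:
        fmt, facility, severity = classify(payload)
        print(fmt, facility == FACILITY_LOCAL7, severity, payload)
```

<div>To check a live destination, point it at the assumed test port on ::1 and call listen(); a result of "rfc3164" means the destination is still emitting the legacy format.</div>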