May 2001 - syslog-ng - lists.balabit.hu

RE: [syslog-ng]Syslog messages are getting combined...
by Scott, Joshua 02 May '01

02 May '01

Here are a few lines from syslog that are combined... Apr 26 13:46:20 dnsserver OK" proto=ht<27>named[10268]: check_hints: no A records for nccnt01.jacobs.com class 1 in hints Apr 26 13:46:20 dnsserver 0 OK" proto<29>named[10268]: check_root: 1 root servers after query to root server < min Apr 26 13:57:40 dnsserver - Bryan, TX\\\"<p<29>named[9492]: starting (/etc/named.conf). named 8.2.3-REL After the time and the hostname there is some extra data that comes from my firewalls syslog messages. Then comes named and it's data. -----Original Message----- From: Balazs Scheidler [mailto:bazsi@balabit.hu] Sent: Friday, April 27, 2001 1:59 AM To: syslog-ng(a)lists.balabit.hu Subject: Re: [syslog-ng]Syslog messages are getting combined... On Thu, Apr 26, 2001 at 01:47:17PM -0400, Scott, Joshua wrote: > Has anyone ever had an issue where sometimes you get the information from > one syslog message combined with another syslog message? Every one in a > while I get some of my firewall syslog messages combined with messages from > my DNS servers. This causes my scripts to fail since there is invalid data > in the log message. Can anyone shed some light for me? Thank you very > much! Could you send me some examples. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 _______________________________________________ syslog-ng maillist - syslog-ng(a)lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng

2 1

Does syslog-ng have a message character limit?
by Brian Leveille 02 May '01

02 May '01

I have a device sending syslog messages that are getting truncated to 250 characters. Anyone else seen this with syslog-ng? Brian Leveille ------------------- Senior Internetworking Engineer DefendNet Solutions, Inc. http://www.defendnet.com

3 2

-HUP to 1.4.11 doesn't close file descriptors?
by Adrian Chung 01 May '01

01 May '01

Hi all, I'm noticing some strange behaviour with syslog-ng 1.4.11 and libol 0.2.21. I've got named running in a chroot'd environment, with it's own /var/named/dev/log. Syslog-ng is configured to use both /dev/log and /var/named/dev/log as unix-stream sources, with output going to /var/daemon.log. When I logrotate the /var/log/daemon.log file, logging from named completely stops. It doesn't appear anywhere. Even after sending HUP signals to both named and syslog-ng. The only way that logging resumes is if I completely kill and restart syslog-ng. Seems like syslog-ng isn't flushing it's file handles? -- Adrian Chung - adrian(a)enfusion-group.com http://www.enfusion-group.com/~adrian 1:23pm up 75 days, 19:21 - [rogue.enfusion-group.com]

2 1