On Wed, Apr 02, 2003 at 03:45:39PM -0500, Keith Resar wrote:
Occasionally I get radically malformed messages, which syslog-ng places in the wrong locations. The file destination writes these messages to $HOST/$PRIORITY, etc., but these varibales consist of this munged data.
Unfortunately, this forces me to manually clean out and remove the directory structure the messages created. Any ideas on how to prevent this from happening in the first place?
http://www.campin.net/syslog-ng/faq.html#bad_filenames covers this. It talks about not trusting input from the network when creating files, as you mention below. What worked for me was to use syslog-ng everywhere, transfer over TCP and set options { use_fqdn(yes); long_hostnames(off); keep_hostname(no); use_dns(yes); }; I'd think about using dnscache's internal DNS caching and/or a local DNS cache with this setup as well. -- Nate Campi http://www.campin.net