On Tue, Sep 17, 2002 at 02:31:46PM +0200, BENGT OLSSON wrote:
Hi
I get some unwanted logging from strange hosts....
The syslog-ng.conf-file looks like;
options {
    use_fqdn(yes);
    keep_hostname(yes);
    use_dns(yes);
    long_hostnames(off);
    sync(0);
    log_fifo_size(1000);
};

source all {
    sun-streams ("/dev/log" door("/etc/.syslog_door"));
    internal();
    udp();
};

destination hosts {
    file("/var/syslog/hosts/$HOST/$FACILITY_$YEAR-$MONTH-$DAY"
         owner(root) group(root) perm(0600) dir_perm(0700)
         create_dirs(yes));
};

log { source(all); destination(hosts); };
An example of unwanted "hosts"-directory in the /var/syslog/hosts-directory;

    0x0.0x5da74da
    0x0.0x5dc3cea
    0x0.0x5dc3d5a
    0x0.0x5dc4077
    0x0.0x5dca334
    0x0.0x5dcea7a
    0x0.0x637fb77
    0x0.0x642bad8
    0x0.0x64c5ea8
One of your devices sends messages with a bogus hostname part, and keep_hostname() keeps those.

1) turn off keep_hostname()
2) stop those hosts sending hostnames like those above
An example of correct hosts -directory in the /var/syslog/hosts-directory looks like this;

    trillian.student.bth.se
    trumma.bth.se
    viking.student.bth.se
    viola.bth.se
    violin.bth.se
    vogonjeltz.student.bth.se
    voyager.student.bth.se
    vroomfondel.student.bth.se
    zaphod.student.bth.se
Is there some internal logging or what is it coming from?
A minor problem is that I have the "long_hostnames" set to off and it is still logging with long hostnames....any guess?
long_hostnames() is an alias to chain_hostnames(); try use_fqdn() instead.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
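
Added example (not part of the original thread and not syslog-ng code): a small audit of the directories that $HOST has already created under /var/syslog/hosts. The hex-style names quoted above pass a plain hostname syntax check, so the script also compares each name against an expected domain suffix; the suffix list and the function names are assumptions made for this illustration.

```python
import os
import re
import tempfile

# Assumption: legitimate senders are under these domains (taken from the
# good directory names quoted in the thread). Adjust for your site.
EXPECTED_SUFFIXES = ("bth.se",)

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")   # RFC 1123 label
HEX_LABEL = re.compile(r"^0x[0-9a-f]+$")              # e.g. 0x5da74da


def classify(name, suffixes=EXPECTED_SUFFIXES):
    """Classify one $HOST-derived directory name as ok / bogus / unexpected."""
    host = name.lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or not all(LABEL.match(l) for l in labels):
        return "bogus"       # not a syntactically valid hostname
    if any(HEX_LABEL.match(l) for l in labels):
        return "bogus"       # passes RFC 1123 syntax, but is clearly not a name
    if any(host == s or host.endswith("." + s) for s in suffixes):
        return "ok"
    return "unexpected"      # valid-looking, but not one of our domains


def audit(root, suffixes=EXPECTED_SUFFIXES):
    """Return {name: verdict} for every non-ok directory under root."""
    findings = {}
    for entry in sorted(os.listdir(root)):
        if os.path.isdir(os.path.join(root, entry)):
            verdict = classify(entry, suffixes)
            if verdict != "ok":
                findings[entry] = verdict
    return findings


if __name__ == "__main__":
    # Constructed sample tree using directory names quoted in the thread.
    with tempfile.TemporaryDirectory() as root:
        for d in ("0x0.0x5da74da", "0x0.0x642bad8", "trumma.bth.se",
                  "zaphod.student.bth.se", "192.0.2.7"):
            os.mkdir(os.path.join(root, d))
        for name, verdict in audit(root).items():
            print(f"{verdict:10} {name}")
```

Run against the real log root, anything reported as "bogus" or "unexpected" points at a sender whose hostname field should not be trusted while keep_hostname(yes) is set.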