Thanks so much for the reply. So, I will upgrade to the latest version and hope for a fix from you, I suppose. A question along those lines then... What is the implication of upgrading from 1.6.9 to 2.0.x? Are there any problems or changes that will affect my current logs? I suppose I should mention that I dump these to a MySQL database and report against them with php-syslog-ng. I sure don't want to blow up the whole system.

JDP
---------------------------------
Jason D Poley
Network Tech GS ITS Network
County of Santa Barbara
805.568.2680
jpoley@co.santa-barbara.ca.us

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: Thursday, June 14, 2007 3:43 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] problems with Cisco WiFi controller syslog messages

On Wed, 2007-06-13 at 07:02 -0700, Poley, Jason wrote:
> We have upgraded our Cisco WiFi controller and now its syslog messages contain milliseconds which syslog-ng does not know how to handle.
>
> I am running version 1.6.9 of syslog-ng on RedHat version 3.
>
> TCP dump of first 96 bytes...
>
> 06:57:07.584716 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto 17, length: 248) 161.213.8.243.32768 > 161.213.4.226.syslog: UDP, length 220
>     0x0000:  4500 00f8 0000 4000 3b11 ed75 a1d5 08f3  E.....@.;..u....
>     0x0010:  a1d5 04e2 8000 0202 00e4 660c 3c31 3238  ..........f.<128
>     0x0020:  3e20 4a75 6e20 3133 2030 363a 3536 3a31  .Jun.13.06:56:1
>     0x0030:  362e 3732 3820 6170 665f 726f 6775 655f  6.728.apf_rogue_
>     0x0040:  6465 7465 6374 2e63 3a35 3735 2041 5046  detect.c:575.APF
>     0x0050:  2d31                                     -1
>
> Is this behavior different in a later version of syslog-ng and should I upgrade?

syslog-ng 2.0.x supports milliseconds in timestamps; however, it uses ISO8601 timestamps for that purpose. As I see, the snippet quoted here uses a BSD timestamp with milliseconds added.
Gee.. At least they could have added year information too.
So, upgrading to 2.0.x will not solve your problems, but there's a chance that I can change this there.
-- Bazsi
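The two timestamp forms discussed in this thread (a BSD timestamp with a fractional-seconds part, as in the captured Cisco message, and an ISO 8601 timestamp), parsed side by side in an added Python example; this is not syslog-ng code and not part of the original messages. The names `parse_syslog`, `SAMPLE` and `_usec` are hypothetical, and it assumes the caller supplies the year and time zone that a BSD timestamp does not carry.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = {m: n for n, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# "<PRI>"; the captured Cisco message has a space after it, so allow one.
PRI_RE = re.compile(r"<(\d{1,3})> ?")
# BSD "Mmm dd hh:mm:ss" with an optional fractional part (the case in the thread).
BSD_RE = re.compile(
    r"([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,6}))?(?= |$)")
# ISO 8601 date-time with optional fraction and zone.
ISO_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,6}))?(Z|[+-]\d{2}:\d{2})?(?= |$)")

# Constructed sample: the payload bytes visible in the capture, decoded to text
# (the capture is cut off after "APF-1").
SAMPLE = "<128> Jun 13 06:56:16.728 apf_rogue_detect.c:575 APF-1"


def _usec(frac):
    # ".728" means 728 ms, so right-pad to six digits of microseconds.
    return int((frac or "0").ljust(6, "0"))


def parse_syslog(line, year, tz=timezone.utc):
    """Return (facility, severity, timestamp or None, rest of message)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    pri, body, ts = int(m.group(1)), line[m.end():], None
    bsd, iso = BSD_RE.match(body), ISO_RE.match(body)
    if bsd and bsd.group(1) in MONTHS:
        mon, day, hh, mi, ss, frac = bsd.groups()
        # BSD stamps carry no year or zone: both come from the caller (assumption).
        ts = datetime(year, MONTHS[mon], int(day), int(hh), int(mi), int(ss),
                      _usec(frac), tzinfo=tz)
        body = body[bsd.end():]
    elif iso:
        base, frac, off = iso.groups()
        if off and off != "Z":
            sign = -1 if off[0] == "-" else 1
            tz = timezone(sign * timedelta(hours=int(off[1:3]), minutes=int(off[4:6])))
        elif off == "Z":
            tz = timezone.utc
        ts = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
            microsecond=_usec(frac), tzinfo=tz)
        body = body[iso.end():]
    return pri >> 3, pri & 7, ts, body.lstrip(" ")
```

A line whose timestamp matches neither form comes back with `None` as the timestamp and the text after the PRI untouched, so a collector can stamp it with the receive time instead of dropping it.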