James,

James Masson wrote:
Hi Phil,
I had exactly this problem, upgrading to 1.6.5 fixed the problem.
Thanks for the advice. Upgraded last night and working perfectly.
Cheers
Phil
Regards
James
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Philip Webster
Sent: 06 January 2005 05:59
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Problems with Netscreen log entries
Bazsi,
Balazs Scheidler wrote:
On Mon, 2004-08-09 at 15:20, Paul Mindeman wrote:
Running syslog-ng 1.6.4 on Solaris 9
Log entries from my UNIX devices log fine. Log entries from my Netscreen devices seem to be missing the end of line terminator, as the entries run together in the log file. The default syslog daemon was able to handle these entries fine. Any ideas on how to fix this?
The options in the syslog-ng.conf file are:
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
Can you give me a tcpdump snippet to see how a netscreen log message is formatted? Please make sure that you snap the complete packet (-s option).
tcpdump -xXpeni ethX port 514 and udp
should do the trick.
I'm seeing the same problem as listed above, but did not see a solution posted. I've included a tcpdump listing of a sample packet below. All packets seem to be null terminated, but do not contain a newline. The sending device is a Netscreen ISG2000 and the receiver is syslog-ng 1.6.3 running on Red Hat Linux Advanced Server release 2.1AS.
If the logs are sent from the ISG to a FreeBSD host running standard syslog, and then forwarded from there to the syslog-ng host, a newline is present in the logs on both servers.
Any thoughts?
Phil
11:04:03.044944 IP 10.40.44.3.2148 > 10.224.8.2.syslog: UDP, length 146
    0x0000: 00d0 b7a8 8008 0010 db86 5e80 0800 4500 ..........^...E.
    0x0010: 00ae 07b9 0000 4011 297a 0a28 2c03 0ae0 ......@.)z.(,...
    0x0020: 0802 0864 0202 009a 8108 3c31 3636 3e67 ...d......<166>g
    0x0030: 702d 6564 6765 2d66 773a 204e 6574 5363 p-edge-fw:.NetSc
    0x0040: 7265 656e 2064 6576 6963 655f 6964 3d67 reen.device_id=g
    0x0050: 702d 6564 6765 2d66 7720 205b 526f 6f74 p-edge-fw..[Root
    0x0060: 5d73 7973 7465 6d2d 696e 666f 726d 6174 ]system-informat
    0x0070: 696f 6e2d 3030 3736 373a 204c 6f63 6b20 ion-00767:.Lock.
    0x0080: 636f 6e66 6967 7572 6174 696f 6e20 656e configuration.en
    0x0090: 6465 6420 6279 2074 6173 6b20 7373 682d ded.by.task.ssh-
    0x00a0: 636d 643a 3820 2832 3030 352d 3031 2d30 cmd:8.(2005-01-0
    0x00b0: 3420 3131 3a30 343a 3033 2900           4.11:04:03).
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
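The framing difference visible in the tcpdump listing, as an added example that is not part of the original thread and is not syslog-ng's code: the Netscreen payload (transcribed from the dump) ends in a NUL byte with no newline, so a writer that appends payloads unchanged runs records together, while treating each datagram as one record and normalising its terminator keeps them apart. `UNIX_PAYLOAD` and all function names are constructed for illustration.

```python
import re

# UDP payload transcribed from the tcpdump listing in this thread (146 bytes):
# it ends in a NUL byte and carries no newline.
NETSCREEN_PAYLOAD = (
    b"<166>gp-edge-fw: NetScreen device_id=gp-edge-fw  "
    b"[Root]system-information-00767: Lock configuration ended by task "
    b"ssh-cmd:8 (2005-01-04 11:04:03)\x00"
)
# Constructed sample: a newline-terminated datagram for comparison.
UNIX_PAYLOAD = b"<38>sshd[411]: Accepted publickey for admin\n"

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def describe_framing(payload):
    """Report which terminator bytes trail the message text."""
    body = payload.rstrip(b"\x00\r\n")
    tail = payload[len(body):]
    return {"has_nul": b"\x00" in tail, "has_newline": b"\n" in tail}


def parse_pri(payload):
    """Split the <PRI> value into (facility, severity); None if invalid."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)


def normalize(payload):
    """One datagram is one record: drop trailing NUL/CR/LF, blank out any
    embedded NUL or line break, then end the record with a single LF."""
    body = payload.rstrip(b"\x00\r\n")
    for ch in (b"\x00", b"\r", b"\n"):
        body = body.replace(ch, b" ")
    return body + b"\n"


def write_naive(datagrams):
    """Append payloads as received; NUL-terminated records run together."""
    return b"".join(datagrams)


def write_normalized(datagrams):
    """Append payloads after normalising each record's terminator."""
    return b"".join(normalize(d) for d in datagrams)
```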