On Tue, Sep 17, 2002 at 03:45:57PM +0200, Balazs Scheidler wrote:
On Tue, Sep 17, 2002 at 02:31:46PM +0200, BENGT OLSSON wrote:
I get some unwanted loggin from strange hosts....
An example of unwanted "hosts"-directory in the /var/syslog/hosts-directory; 0x0.0x5da74da 0x0.0x5dc3cea 0x0.0x5dc3d5a 0x0.0x5dc4077 0x0.0x5dca334 0x0.0x5dcea7a 0x0.0x637fb77 0x0.0x642bad8 0x0.0x64c5ea8
one of your devices send messages with bogus hostname part, and keep_hostname() keeps those.
1) turn off keep_hostname() 2) stop those hosts sending hostnames like those above
The FAQ covers this. http://www.campin.net/syslog-ng/faq.html#bad_filenames It is best to turn off keep_hostname() in most cases anyways. You'll still get kernel messages and other badly formatted messages creating bad "hosts" directories even with all hosts sending a correct name. At least that's the case if you still use the vendor-supplied syslogd on your clients. If you roll out syslog-ng to all UNIXes I'd imagine that problem will go away. Of course this doesn't cover any network devices you have that send you syslogs :( -- I never think of the future. It comes soon enough. - Albert Einstein