On Fri, Jul 26, 2002 at 03:11:10PM -0500, Ron Braley wrote:
Hi bazi.
We're having a problem with syslog-ng 1.5. It appears to be truncating our iptables firewall logs.
The following shows good logs as viewed through dmesg, and actual log entries as processed by syslog-ng:
*** Good (dmesg): IPTABLES TCP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:08:00:20:a7:53:e9:08:00 SRC=134.129.212.23 DST=134.129.212.30 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=64525 DF PROTO=TCP SPT=36788 DPT=53 WINDOW=24820 RES=0x00 SYN URGP=0
IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fb:e3:fc:08:00 SRC=134.129.214.80 DST=134.129.212.30 LEN=239 TOS=0x00 PREC=0x00 TTL=127 ID=21813 PROTO=UDP SPT=138 DPT=138 LEN=219
*** Bad (syslog [/var/log/kern]): Jul 25 16:16:12 smack IPTABLES TCP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:a0:c9:a9:b2:6c:08:00 SRC=134.129.212.33 DST=134.129.212.30 LEN=60 TOS=0x00 PREC=0x03NDOW=5840
Jul 25 16:16:13 smack IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fECP1389
Jul 25 16:16:13 smack IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fb3::0 SRC=134.12920.134 DST=134.129.212.0 LEN=78 TOS=0x00 PREC=0xTTL=1272ROTO=UDP SPT=137 DPT=137N=58
Please start a new thread if you send something unrelated to current threads. wrt your problem, are you sure you are not running klogd in addition to syslog-ng? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1