No remote logging with hostname which has address is IPv6
Hi, I have configuration, which is sending log messages to a remote hostname (dns6server). The particularity of this remote server is that it is resolved to an IPv6 address. ping works fine: root@localhost:~# ping dns6server -c 3 PING dns6server(2620:38:4::8:4000:238) 56 data bytes 64 bytes from 2620:38:4::8:4000:238: icmp_seq=1 ttl=63 time=0.354 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=2 ttl=63 time=0.264 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=3 ttl=63 time=0.310 ms But syslog-ng seems not to be able to resolve the ipv6 address: Aug 27 20:58:37 localhost systemd[1]: mgmt-syslog-ng.service: Succeeded. Aug 27 20:58:37 localhost systemd[1]: Stopped External Logger Daemon. Aug 27 20:58:37 localhost systemd[1]: Starting External Logger Daemon... Aug 27 20:58:37 localhost ip[32709]: [2020-08-27T20:58:37.841389] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854714] Error resolving hostname; host='dns6server' Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854758] Initiating connection failed, reconnecting; time_reopen='60' Aug 27 20:58:46 localhost systemd[1]: Started External Logger Daemon. Any Ideas? I am sending the configuration and debug log in attachment. Thanks in Advance, Alex
Hello Alex, Syslog-ng can be compiled with or without IPv6 support. As a first step please verify if it was compiled that way. If you start Syslog-ng with the "--version" option it will print a little debug information about itself. Among other options there will be a line: "Enable-IPv6" (If it was compiled with "Enable-IPv6: on", please copy the entire output here. It will help with the later investigation.) Best regards, Laci ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com> Sent: Friday, August 28, 2020 12:35 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: [syslog-ng] No remote logging with hostname which has address is IPv6 CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi, I have configuration, which is sending log messages to a remote hostname (dns6server). The particularity of this remote server is that it is resolved to an IPv6 address. ping works fine: root@localhost:~# ping dns6server -c 3 PING dns6server(2620:38:4::8:4000:238) 56 data bytes 64 bytes from 2620:38:4::8:4000:238: icmp_seq=1 ttl=63 time=0.354 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=2 ttl=63 time=0.264 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=3 ttl=63 time=0.310 ms But syslog-ng seems not to be able to resolve the ipv6 address: Aug 27 20:58:37 localhost systemd[1]: mgmt-syslog-ng.service: Succeeded. Aug 27 20:58:37 localhost systemd[1]: Stopped External Logger Daemon. Aug 27 20:58:37 localhost systemd[1]: Starting External Logger Daemon... Aug 27 20:58:37 localhost ip[32709]: [2020-08-27T20:58:37.841389] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854714] Error resolving hostname; host='dns6server' Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854758] Initiating connection failed, reconnecting; time_reopen='60' Aug 27 20:58:46 localhost systemd[1]: Started External Logger Daemon. Any Ideas? I am sending the configuration and debug log in attachment. Thanks in Advance, Alex
Hi Laci, Here it goes: root@localhost:~# /usr/sbin/syslog-ng -Fvde $SYSLOGNG_OPTS --cfgfile=/etc/syslog-ng/mgmt-syslog-ng.conf --pidfile=/var/lib/syslog-ng/mgmt-syslog-ng.pid --persist-file=/var/lib/syslog-ng/mgmt-syslog-ng.persist --control=/var/lib/syslog-ng/mgmt-syslog-ng.ctl --version syslog-ng 3 (3.19.1) Config version: 3.19 Installer-Version: 3.19.1 Revision: 3.19.1-5 Compile-Date: May 19 2019 11:03:30 Module-Directory: /usr/lib/syslog-ng/3.19 Module-Path: /usr/lib/syslog-ng/3.19 Include-Path: /usr/share/syslog-ng/include Available-Modules: affile,hook-commands,basicfuncs,afuser,csvparser,date,pseudofile,confgen,json-plugin,linux-kmsg-format,cef,system-source,syslogformat,afsql,appmodel,http,kvformat,afprog,afsocket,afmongodb,sdjournal,cryptofuncs,disk-buffer,dbparser Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: on Enable-Linux-Caps: on Enable-Systemd: on Thanks, Alex On Fri, Aug 28, 2020 at 11:58 AM Laszlo Szemere (lszemere) < Laszlo.Szemere@oneidentity.com> wrote:
Hello Alex, Syslog-ng can be compiled with or without IPv6 support. As a first step please verify if it was compiled that way.
If you start Syslog-ng with the "--version" option it will print a little debug information about itself. Among other options there will be a line: "Enable-IPv6"
(If it was compiled with "Enable-IPv6: on", please copy the entire output here. It will help with the later investigation.)
Best regards, Laci ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com> *Sent:* Friday, August 28, 2020 12:35 *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* [syslog-ng] No remote logging with hostname which has address is IPv6
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi,
I have configuration, which is sending log messages to a remote hostname (dns6server). The particularity of this remote server is that it is resolved to an IPv6 address.
ping works fine: root@localhost:~# ping dns6server -c 3 PING dns6server(2620:38:4::8:4000:238) 56 data bytes 64 bytes from 2620:38:4::8:4000:238: icmp_seq=1 ttl=63 time=0.354 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=2 ttl=63 time=0.264 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=3 ttl=63 time=0.310 ms
But syslog-ng seems not to be able to resolve the ipv6 address:
Aug 27 20:58:37 localhost systemd[1]: mgmt-syslog-ng.service: Succeeded.
Aug 27 20:58:37 localhost systemd[1]: Stopped External Logger Daemon.
Aug 27 20:58:37 localhost systemd[1]: Starting External Logger Daemon...
Aug 27 20:58:37 localhost ip[32709]: [2020-08-27T20:58:37.841389] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!;
Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854714] Error resolving hostname; host='dns6server'
Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854758] Initiating connection failed, reconnecting; time_reopen='60'
Aug 27 20:58:46 localhost systemd[1]: Started External Logger Daemon.
Any Ideas?
I am sending the configuration and debug log in attachment.
Thanks in Advance,
Alex
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hello Alex, thank you for the output. This part looks good. Unfortunately you have to explicitly enable the IPv6 protocol in the configuration. (Which will indicate that IPv4 will not work simultaneously.) Please add: "ip-protocol(6)" to your "d_hostnameIPv6_udp" destination. destination d_hostnameIPv6_udp { syslog("dns6server" transport("udp") port(514) keep-alive(no) suppress(5) disk-buffer( mem-buf-size(2097152) disk-buf-size(4194304) reliable(yes) dir("/tmp") ip-protocol(6) ) ); }; Best regards, Laci ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com> Sent: Friday, August 28, 2020 13:06 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] No remote logging with hostname which has address is IPv6 CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi Laci, Here it goes: root@localhost:~# /usr/sbin/syslog-ng -Fvde $SYSLOGNG_OPTS --cfgfile=/etc/syslog-ng/mgmt-syslog-ng.conf --pidfile=/var/lib/syslog-ng/mgmt-syslog-ng.pid --persist-file=/var/lib/syslog-ng/mgmt-syslog-ng.persist --control=/var/lib/syslog-ng/mgmt-syslog-ng.ctl --version syslog-ng 3 (3.19.1) Config version: 3.19 Installer-Version: 3.19.1 Revision: 3.19.1-5 Compile-Date: May 19 2019 11:03:30 Module-Directory: /usr/lib/syslog-ng/3.19 Module-Path: /usr/lib/syslog-ng/3.19 Include-Path: /usr/share/syslog-ng/include Available-Modules: affile,hook-commands,basicfuncs,afuser,csvparser,date,pseudofile,confgen,json-plugin,linux-kmsg-format,cef,system-source,syslogformat,afsql,appmodel,http,kvformat,afprog,afsocket,afmongodb,sdjournal,cryptofuncs,disk-buffer,dbparser Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: on Enable-Linux-Caps: on Enable-Systemd: on Thanks, Alex On Fri, Aug 28, 2020 at 11:58 AM Laszlo Szemere (lszemere) <Laszlo.Szemere@oneidentity.com<mailto:Laszlo.Szemere@oneidentity.com>> wrote: Hello Alex, Syslog-ng can be compiled with or without IPv6 support. As a first step please verify if it was compiled that way. If you start Syslog-ng with the "--version" option it will print a little debug information about itself. Among other options there will be a line: "Enable-IPv6" (If it was compiled with "Enable-IPv6: on", please copy the entire output here. It will help with the later investigation.) Best regards, Laci ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu<mailto:syslog-ng-bounces@lists.balabit.hu>> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com<mailto:alexandre.rosas.santos@gmail.com>> Sent: Friday, August 28, 2020 12:35 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Subject: [syslog-ng] No remote logging with hostname which has address is IPv6 CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi, I have configuration, which is sending log messages to a remote hostname (dns6server). The particularity of this remote server is that it is resolved to an IPv6 address. ping works fine: root@localhost:~# ping dns6server -c 3 PING dns6server(2620:38:4::8:4000:238) 56 data bytes 64 bytes from 2620:38:4::8:4000:238: icmp_seq=1 ttl=63 time=0.354 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=2 ttl=63 time=0.264 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=3 ttl=63 time=0.310 ms But syslog-ng seems not to be able to resolve the ipv6 address: Aug 27 20:58:37 localhost systemd[1]: mgmt-syslog-ng.service: Succeeded. Aug 27 20:58:37 localhost systemd[1]: Stopped External Logger Daemon. Aug 27 20:58:37 localhost systemd[1]: Starting External Logger Daemon... Aug 27 20:58:37 localhost ip[32709]: [2020-08-27T20:58:37.841389] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854714] Error resolving hostname; host='dns6server' Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854758] Initiating connection failed, reconnecting; time_reopen='60' Aug 27 20:58:46 localhost systemd[1]: Started External Logger Daemon. Any Ideas? I am sending the configuration and debug log in attachment. Thanks in Advance, Alex ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=vmrCsyOtbaTHBGJ%2BpNscXIihsumvePhcmSmAelRZQ0s%3D&reserved=0> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=5M87v3dv77VOtDJ791Odg1lel5b6E3Cr4bnVB4ZG5Go%3D&reserved=0> FAQ: http://www.balabit.com/wiki/syslog-ng-faq<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=kiMZ9Tymaun06gdFnWgUkUr6P6FXim9H2NsqQnBtLxs%3D&reserved=0>
Hi Laci,
From I debugged watching tcpdumps of DNS and compared with other applications, syslog-ng is sending DNS AAAA query, only if ip-protocol(6) option is set. Is this going to be changed (fixed) in future versions? Thanks & Regards, Alex
On Fri, Aug 28, 2020 at 12:12 PM Laszlo Szemere (lszemere) < Laszlo.Szemere@oneidentity.com> wrote:
Hello Alex, thank you for the output. This part looks good. Unfortunately you have to explicitly enable the IPv6 protocol in the configuration. (Which will indicate that IPv4 will not work simultaneously.)
Please add: "ip-protocol(6)" to your "d_hostnameIPv6_udp" destination.
destination d_hostnameIPv6_udp { syslog("dns6server" transport("udp") port(514) keep-alive(no) suppress(5) disk-buffer( mem-buf-size(2097152) disk-buf-size(4194304) reliable(yes) dir("/tmp") ip-protocol(6) ) ); };
Best regards, Laci
------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com> *Sent:* Friday, August 28, 2020 13:06 *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] No remote logging with hostname which has address is IPv6
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi Laci, Here it goes: root@localhost:~# /usr/sbin/syslog-ng -Fvde $SYSLOGNG_OPTS --cfgfile=/etc/syslog-ng/mgmt-syslog-ng.conf --pidfile=/var/lib/syslog-ng/mgmt-syslog-ng.pid --persist-file=/var/lib/syslog-ng/mgmt-syslog-ng.persist --control=/var/lib/syslog-ng/mgmt-syslog-ng.ctl --version syslog-ng 3 (3.19.1) Config version: 3.19 Installer-Version: 3.19.1 Revision: 3.19.1-5 Compile-Date: May 19 2019 11:03:30 Module-Directory: /usr/lib/syslog-ng/3.19 Module-Path: /usr/lib/syslog-ng/3.19 Include-Path: /usr/share/syslog-ng/include Available-Modules: affile,hook-commands,basicfuncs,afuser,csvparser,date,pseudofile,confgen,json-plugin,linux-kmsg-format,cef,system-source,syslogformat,afsql,appmodel,http,kvformat,afprog,afsocket,afmongodb,sdjournal,cryptofuncs,disk-buffer,dbparser Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: on Enable-Linux-Caps: on Enable-Systemd: on
Thanks, Alex
On Fri, Aug 28, 2020 at 11:58 AM Laszlo Szemere (lszemere) < Laszlo.Szemere@oneidentity.com> wrote:
Hello Alex, Syslog-ng can be compiled with or without IPv6 support. As a first step please verify if it was compiled that way.
If you start Syslog-ng with the "--version" option it will print a little debug information about itself. Among other options there will be a line: "Enable-IPv6"
(If it was compiled with "Enable-IPv6: on", please copy the entire output here. It will help with the later investigation.)
Best regards, Laci ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com> *Sent:* Friday, August 28, 2020 12:35 *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* [syslog-ng] No remote logging with hostname which has address is IPv6
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi,
I have configuration, which is sending log messages to a remote hostname (dns6server). The particularity of this remote server is that it is resolved to an IPv6 address.
ping works fine: root@localhost:~# ping dns6server -c 3 PING dns6server(2620:38:4::8:4000:238) 56 data bytes 64 bytes from 2620:38:4::8:4000:238: icmp_seq=1 ttl=63 time=0.354 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=2 ttl=63 time=0.264 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=3 ttl=63 time=0.310 ms
But syslog-ng seems not to be able to resolve the ipv6 address:
Aug 27 20:58:37 localhost systemd[1]: mgmt-syslog-ng.service: Succeeded.
Aug 27 20:58:37 localhost systemd[1]: Stopped External Logger Daemon.
Aug 27 20:58:37 localhost systemd[1]: Starting External Logger Daemon...
Aug 27 20:58:37 localhost ip[32709]: [2020-08-27T20:58:37.841389] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!;
Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854714] Error resolving hostname; host='dns6server'
Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854758] Initiating connection failed, reconnecting; time_reopen='60'
Aug 27 20:58:46 localhost systemd[1]: Started External Logger Daemon.
Any Ideas?
I am sending the configuration and debug log in attachment.
Thanks in Advance,
Alex
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=vmrCsyOtbaTHBGJ%2BpNscXIihsumvePhcmSmAelRZQ0s%3D&reserved=0> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=5M87v3dv77VOtDJ791Odg1lel5b6E3Cr4bnVB4ZG5Go%3D&reserved=0> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=kiMZ9Tymaun06gdFnWgUkUr6P6FXim9H2NsqQnBtLxs%3D&reserved=0>
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hello Alex, unfortunately the problem is not just with the DNS query. There are other differences in the background around the socket handling. We have an open issue on GitHub (https://github.com/syslog-ng/syslog-ng/issues/3386), which I think is almost identical with your use case. I can not give you any promises/estimates when this issue will be resolved, but in the meantime I encourage you to share your opinion / specific needs under the issue. (Your opinion will help the developer to cover as many aspects of the problem as possible.) Thank you in advance! Laci ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com> Sent: Friday, August 28, 2020 16:55 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] No remote logging with hostname which has address is IPv6 CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi Laci,
From I debugged watching tcpdumps of DNS and compared with other applications, syslog-ng is sending DNS AAAA query, only if ip-protocol(6) option is set. Is this going to be changed (fixed) in future versions? Thanks & Regards, Alex
On Fri, Aug 28, 2020 at 12:12 PM Laszlo Szemere (lszemere) <Laszlo.Szemere@oneidentity.com<mailto:Laszlo.Szemere@oneidentity.com>> wrote: Hello Alex, thank you for the output. This part looks good. Unfortunately you have to explicitly enable the IPv6 protocol in the configuration. (Which will indicate that IPv4 will not work simultaneously.) Please add: "ip-protocol(6)" to your "d_hostnameIPv6_udp" destination. destination d_hostnameIPv6_udp { syslog("dns6server" transport("udp") port(514) keep-alive(no) suppress(5) disk-buffer( mem-buf-size(2097152) disk-buf-size(4194304) reliable(yes) dir("/tmp") ip-protocol(6) ) ); }; Best regards, Laci ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu<mailto:syslog-ng-bounces@lists.balabit.hu>> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com<mailto:alexandre.rosas.santos@gmail.com>> Sent: Friday, August 28, 2020 13:06 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Subject: Re: [syslog-ng] No remote logging with hostname which has address is IPv6 CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi Laci, Here it goes: root@localhost:~# /usr/sbin/syslog-ng -Fvde $SYSLOGNG_OPTS --cfgfile=/etc/syslog-ng/mgmt-syslog-ng.conf --pidfile=/var/lib/syslog-ng/mgmt-syslog-ng.pid --persist-file=/var/lib/syslog-ng/mgmt-syslog-ng.persist --control=/var/lib/syslog-ng/mgmt-syslog-ng.ctl --version syslog-ng 3 (3.19.1) Config version: 3.19 Installer-Version: 3.19.1 Revision: 3.19.1-5 Compile-Date: May 19 2019 11:03:30 Module-Directory: /usr/lib/syslog-ng/3.19 Module-Path: /usr/lib/syslog-ng/3.19 Include-Path: /usr/share/syslog-ng/include Available-Modules: affile,hook-commands,basicfuncs,afuser,csvparser,date,pseudofile,confgen,json-plugin,linux-kmsg-format,cef,system-source,syslogformat,afsql,appmodel,http,kvformat,afprog,afsocket,afmongodb,sdjournal,cryptofuncs,disk-buffer,dbparser Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: on Enable-TCP-Wrapper: on Enable-Linux-Caps: on Enable-Systemd: on Thanks, Alex On Fri, Aug 28, 2020 at 11:58 AM Laszlo Szemere (lszemere) <Laszlo.Szemere@oneidentity.com<mailto:Laszlo.Szemere@oneidentity.com>> wrote: Hello Alex, Syslog-ng can be compiled with or without IPv6 support. As a first step please verify if it was compiled that way. If you start Syslog-ng with the "--version" option it will print a little debug information about itself. Among other options there will be a line: "Enable-IPv6" (If it was compiled with "Enable-IPv6: on", please copy the entire output here. It will help with the later investigation.) Best regards, Laci ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu<mailto:syslog-ng-bounces@lists.balabit.hu>> on behalf of Alexandre Santos <alexandre.rosas.santos@gmail.com<mailto:alexandre.rosas.santos@gmail.com>> Sent: Friday, August 28, 2020 12:35 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu<mailto:syslog-ng@lists.balabit.hu>> Subject: [syslog-ng] No remote logging with hostname which has address is IPv6 CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi, I have configuration, which is sending log messages to a remote hostname (dns6server). The particularity of this remote server is that it is resolved to an IPv6 address. ping works fine: root@localhost:~# ping dns6server -c 3 PING dns6server(2620:38:4::8:4000:238) 56 data bytes 64 bytes from 2620:38:4::8:4000:238: icmp_seq=1 ttl=63 time=0.354 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=2 ttl=63 time=0.264 ms 64 bytes from 2620:38:4::8:4000:238: icmp_seq=3 ttl=63 time=0.310 ms But syslog-ng seems not to be able to resolve the ipv6 address: Aug 27 20:58:37 localhost systemd[1]: mgmt-syslog-ng.service: Succeeded. Aug 27 20:58:37 localhost systemd[1]: Stopped External Logger Daemon. Aug 27 20:58:37 localhost systemd[1]: Starting External Logger Daemon... Aug 27 20:58:37 localhost ip[32709]: [2020-08-27T20:58:37.841389] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!; Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854714] Error resolving hostname; host='dns6server' Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854758] Initiating connection failed, reconnecting; time_reopen='60' Aug 27 20:58:46 localhost systemd[1]: Started External Logger Daemon. Any Ideas? I am sending the configuration and debug log in attachment. Thanks in Advance, Alex ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C9a1352b19d4847d2e13a08d84b62695f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637342233336527742&sdata=icNBW1VIc70UBHayvwjC4BdYPf0AGzlr92toBxDMdX0%3D&reserved=0> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C9a1352b19d4847d2e13a08d84b62695f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637342233336527742&sdata=FgZa0%2FSzSEtxBVbXLE4DcyHFSdL3NjWdC680XvuUkwg%3D&reserved=0> FAQ: http://www.balabit.com/wiki/syslog-ng-faq<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C9a1352b19d4847d2e13a08d84b62695f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637342233336537701&sdata=rjJ07sRXlt%2FpusqSN4JuraOmreXoo9CYqEEUjw39u3Y%3D&reserved=0> ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C9a1352b19d4847d2e13a08d84b62695f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637342233336537701&sdata=cYqbO4zBrQWH5gP8YB6ZzgQdcvgQiijZaVdAUIw7WlA%3D&reserved=0> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C9a1352b19d4847d2e13a08d84b62695f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637342233336537701&sdata=3e%2FBSjJ8cuNcm%2BWaVILsWiK0kcgYR%2BIJnep%2FmvbM3ik%3D&reserved=0> FAQ: http://www.balabit.com/wiki/syslog-ng-faq<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C9a1352b19d4847d2e13a08d84b62695f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637342233336547665&sdata=ao1tjs4Lksm%2FTamAnrQ9c%2FQ9YrDFGmF3mDJaCCwALd8%3D&reserved=0>
participants (2)
-
Alexandre Santos
-
Laszlo Szemere (lszemere)