RE: [syslog-ng]Problems compiling libol / syslog-ng
That's a weird error, the time was a couple of minutes ahead, I changed it now, but that's not the problem.... Anyone has compiled it on Redhat 7.3 before?? Christian -----Mensaje original----- De: Dustin Trammell [mailto:DTrammell@PENSON.COM] Enviado el: Miércoles, 14 de Agosto de 2002 13:07 Para: 'syslog-ng@lists.balabit.hu' Asunto: RE: [syslog-ng]Problems compiling libol / syslog-ng Check the time on your system, it's probably wrong. Usually configure won't continue if it finds files that are newer than current date/time, or it creates a file that is older than current date/time. --- Dustin D. Trammell Information Security Specialist Penson Financial Services, Inc. -----Original Message----- From: Camacho, Christian [mailto:CCamacho@golder.cl] Sent: Wednesday, August 14, 2002 11:04 To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Problems compiling libol / syslog-ng I have Redhat 7.3 and can't configure libol (I have the same problem with syslog-ng). I don't have an alias for ls, I don't know Why I'm having such problem, I've compiled other tar balls before without this error... Any idea?? [root@agua libol-0.3.3]# ./configure creating cache ./config.cache checking for a BSD compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking whether make sets ${MAKE}... yes checking for working aclocal... found checking for working autoconf... found checking for working automake... found checking for working autoheader... found checking for working makeinfo... found checking whether build environment is sane... configure: error: ls -t appears to fail. Make sure there is not a broken alias in your environment configure: error: newly created file is older than distributed files! Check your system clock Thanks, Chris DISCLAIMER: This message may contain confidential information. If you are not the intended recipient please advise the sender and erase the message. Thank you. DISCLAIMER: This message may contain confidential information. If you are not the intended recipient please advise the sender and erase the message. Thank you.
Hello, I have syslog-ng configured with create_dirs(yes) and $HOST in several places, and I find that occasionally during a restart (HUP or stop/start) it will create some directories with the IP address of the machine instead of the resolved hostname. I have these options in use: options { long_hostnames(off); keep_hostname(yes); use_dns(no); }; All systems that are sending logs to this machine have an entry in the /etc/hosts file locally, yet some end up with a logfile with this in it: Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 going down Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 starting Aug 12 17:29:00 a.b.c.d syslog-ng version 1.5.13 going down Aug 12 17:29:03 a.b.c.d syslog-ng version 1.5.13 starting a.b.c.d is in private address space. I should note that this happened with 1.5.10 as well. I haven't yet moved to 1.5.19 yet, but likely will soon. I'm running Solaris 8 sparc on both the clients and server. Thanks in advance.
William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
Hello,
I have syslog-ng configured with create_dirs(yes) and $HOST in several places, and I find that occasionally during a restart (HUP or stop/start) it will create some directories with the IP address of the machine instead of the resolved hostname. I have these options in use:
options { long_hostnames(off); keep_hostname(yes); use_dns(no); };
All systems that are sending logs to this machine have an entry in the /etc/hosts file locally, yet some end up with a logfile with this in it:
Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 going down Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 starting Aug 12 17:29:00 a.b.c.d syslog-ng version 1.5.13 going down Aug 12 17:29:03 a.b.c.d syslog-ng version 1.5.13 starting
a.b.c.d is in private address space.
I should note that this happened with 1.5.10 as well.
I haven't yet moved to 1.5.19 yet, but likely will soon. I'm running Solaris 8 sparc on both the clients and server.
Thanks in advance.
Oops - sorry about the subject line.
On Wed, Aug 14, 2002 at 05:08:11PM -0400, William Yodlowsky wrote:
William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
Hello,
I have syslog-ng configured with create_dirs(yes) and $HOST in several places, and I find that occasionally during a restart (HUP or stop/start) it will create some directories with the IP address of the machine instead of the resolved hostname. I have these options in use:
options { long_hostnames(off); keep_hostname(yes); use_dns(no); };
All systems that are sending logs to this machine have an entry in the /etc/hosts file locally, yet some end up with a logfile with this in it:
Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 going down Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 starting Aug 12 17:29:00 a.b.c.d syslog-ng version 1.5.13 going down Aug 12 17:29:03 a.b.c.d syslog-ng version 1.5.13 starting
a.b.c.d is in private address space.
I should note that this happened with 1.5.10 as well.
if use_dns() is set to no, syslog-ng will _never_ resolve hostnames, not even from /etc/hosts. (as gethostbyname() immediately goes to DNS if not found in /etc/hosts) The reason you have hostnames in your files is that you have keep_hostname() set to yes, which makes syslog-ng to accept any hostname it receives. If hostname was not specified by the sender, syslog-ng inserts one on its own, and as use_dns is off, it inserts an IP address. If you are sure syslog-ng may not receive messages from hosts that are not resolvable, simply turn use_dns() on. This will make syslog-ng to resolve those IPs. Note that syslog-ng blocks on DNS queries, thus it might be an easy DoS. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
Balazs Scheidler <bazsi@balabit.hu> wrote:
On Wed, Aug 14, 2002 at 05:08:11PM -0400, William Yodlowsky wrote:
William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
Hello,
I have syslog-ng configured with create_dirs(yes) and $HOST in several places, and I find that occasionally during a restart (HUP or stop/start) it will create some directories with the IP address of the machine instead of the resolved hostname. I have these options in use:
options { long_hostnames(off); keep_hostname(yes); use_dns(no); };
All systems that are sending logs to this machine have an entry in the /etc/hosts file locally, yet some end up with a logfile with this in it:
Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 going down Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 starting Aug 12 17:29:00 a.b.c.d syslog-ng version 1.5.13 going down Aug 12 17:29:03 a.b.c.d syslog-ng version 1.5.13 starting
a.b.c.d is in private address space.
I should note that this happened with 1.5.10 as well.
if use_dns() is set to no, syslog-ng will _never_ resolve hostnames, not even from /etc/hosts. (as gethostbyname() immediately goes to DNS if not found in /etc/hosts)
The reason you have hostnames in your files is that you have keep_hostname() set to yes, which makes syslog-ng to accept any hostname it receives. If hostname was not specified by the sender, syslog-ng inserts one on its own, and as use_dns is off, it inserts an IP address.
If you are sure syslog-ng may not receive messages from hosts that are not resolvable, simply turn use_dns() on. This will make syslog-ng to resolve those IPs.
Note that syslog-ng blocks on DNS queries, thus it might be an easy DoS.
Wonderfully simple answer. Thanks very much!
HI *, I have to get events from _Enterasys_ machines and I need to resolve IP address with /etc/hosts. When I set on Keep_hostname() I receive logs bad formatted, an example: Before: 2002 Aug 22 10:42:20 10.1.163.3 local7.err unknown or ambiguous facility \'e\' After: 2002 Aug 22 10:42:20 %CLI-E-FACUNKNWN, local7.err unknown or ambiguous facility \'e\' And more when I try to set Gethostname() on or yes ,in the configuration file I received an error.: .. The active options are: options { long_hostnames(off);keep_hostname(no);sync(0);stats(3600);use_dns(no); # gethostbyname(yes); use_fqdn(no);dns_cache(no);log_fifo_size(1000);gc_idle_threshold(100);gc _busy_threshold(3000);}; This is a new bug or a mistake of mine ? Thanks _/CaT\_ -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of William Yodlowsky Sent: Wednesday, August 21, 2002 3:16 PM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]$HOST gives IP address instead of hostname Balazs Scheidler <bazsi@balabit.hu> wrote:
On Wed, Aug 14, 2002 at 05:08:11PM -0400, William Yodlowsky wrote:
William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
Hello,
I have syslog-ng configured with create_dirs(yes) and $HOST in several places, and I find that occasionally during a restart (HUP or stop/start) it will create some directories with the IP address of the machine instead of the resolved hostname. I have these options in use:
options { long_hostnames(off); keep_hostname(yes); use_dns(no); };
All systems that are sending logs to this machine have an entry in
the /etc/hosts file locally, yet some end up with a logfile with this in it:
Aug 12 11:51:11 a.b.c.d syslog-ng version 1.5.13 going down Aug 12
11:51:11 a.b.c.d syslog-ng version 1.5.13 starting Aug 12 17:29:00
a.b.c.d syslog-ng version 1.5.13 going down Aug 12 17:29:03 a.b.c.d syslog-ng version 1.5.13 starting
a.b.c.d is in private address space.
I should note that this happened with 1.5.10 as well.
if use_dns() is set to no, syslog-ng will _never_ resolve hostnames, not even from /etc/hosts. (as gethostbyname() immediately goes to DNS if not found in /etc/hosts)
The reason you have hostnames in your files is that you have keep_hostname() set to yes, which makes syslog-ng to accept any hostname it receives. If hostname was not specified by the sender, syslog-ng inserts one on its own, and as use_dns is off, it inserts an
IP address.
If you are sure syslog-ng may not receive messages from hosts that are
not resolvable, simply turn use_dns() on. This will make syslog-ng to resolve those IPs.
Note that syslog-ng blocks on DNS queries, thus it might be an easy DoS.
Wonderfully simple answer. Thanks very much! _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Thu, Aug 22, 2002 at 02:14:19PM +0200, _/CaT_ wrote:
HI *, I have to get events from _Enterasys_ machines and I need to resolve IP address with /etc/hosts. When I set on Keep_hostname() I receive logs bad formatted, an example:
Before: 2002 Aug 22 10:42:20 10.1.163.3 local7.err unknown or ambiguous facility \'e\'
After: 2002 Aug 22 10:42:20 %CLI-E-FACUNKNWN, local7.err unknown or ambiguous facility \'e\'
as it seems the first one is with keep_hostname() set to no, the latter is on, and your device does not send hostnames. syslog-ng thinks that %CLI-E-FACUNKNWN is a hostname unless you specify check_hostnames(yes) (it is a post 1.5.19 feature) I'm planning to release 1.5.20 which includes this check and the kernel message mangling as well.
And more when I try to set Gethostname() on or yes ,in the configuration file I received an error.:
gethostbyname() is not a syslog-ng option, it is a C function to query a hostname by IP address. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
On Wed, Aug 14, 2002 at 02:49:44PM -0400, Camacho, Christian wrote:
That's a weird error, the time was a couple of minutes ahead, I changed it now, but that's not the problem....
Anyone has compiled it on Redhat 7.3 before??
what about checking config.log ? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (4)
-
_/CaT\_
-
Balazs Scheidler
-
Camacho, Christian
-
William Yodlowsky