RFC-5424 configuration with IPV6 is not working
Hi, *issue*: syslog-ng is not starting if we configure IPV6 IP along with RFC-5424 format Using below command to run syslog-ng: /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p /var/syslog-ng.pid Getting the below error: ------------------------------ *syslog-ng: Error changing to Unknown syslog transport specified, please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'* Could anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format. we are using syslog-ng-3.3.7 version. *If the below configuration is correct, will it work if we upgrade to newer version with the below configuration?* I am using the below configuration in syslog-ng.conf: ======================================== options { stats_freq (0); flush_lines (0); time_reopen (10); log_fifo_size (10000); chain_hostnames (off); use_dns (no); create_dirs (no); keep_hostname (no); perm(0640); group("root"); }; # sources source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); }; filter f_remote { facility(local7); }; destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" transport("udp6"));}; log { source(s_all); filter(f_remote); destination(df_remote_0 Please help if there is any issue in the above configuration? Regards, V/
Hello, The error message lists the correct transport methods: *please use one of udp, tcp, or tls;* There is no such option udp6, you could use specify ipv6 via ip-protocol(4/6) All together syslog("::1" transport("udp") ip-protocol(6)); should work. -- Kokan On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Hi,
*issue*: syslog-ng is not starting if we configure IPV6 IP along with RFC-5424 format Using below command to run syslog-ng: /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p /var/syslog-ng.pid
Getting the below error: ------------------------------
*syslog-ng: Error changing to Unknown syslog transport specified, please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
Could anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
we are using syslog-ng-3.3.7 version.
*If the below configuration is correct, will it work if we upgrade to newer version with the below configuration?*
I am using the below configuration in syslog-ng.conf: ======================================== options { stats_freq (0); flush_lines (0); time_reopen (10); log_fifo_size (10000); chain_hostnames (off); use_dns (no); create_dirs (no); keep_hostname (no); perm(0640); group("root"); };
# sources source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
filter f_remote { facility(local7); }; destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" transport("udp6"));}; log { source(s_all); filter(f_remote); destination(df_remote_0
Please help if there is any issue in the above configuration?
Regards, V/
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Thanks kokan for your reply, I am getting the below error after making the change as you suggested *destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};* Error: ===== Error parsing afsocket, inner-dest plugin ip-protocol not found in /etc/syslog-ng/syslog-ng.conf at line 45, column 78: destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));}; ^^^^^^^^^^^ Please suggest. Regards, V/ On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai <peter.kokai@oneidentity.com> wrote:
Hello,
The error message lists the correct transport methods: *please use one of udp, tcp, or tls;* There is no such option udp6, you could use specify ipv6 via ip-protocol(4/6)
All together syslog("::1" transport("udp") ip-protocol(6)); should work.
-- Kokan
On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Hi,
*issue*: syslog-ng is not starting if we configure IPV6 IP along with RFC-5424 format Using below command to run syslog-ng: /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p /var/syslog-ng.pid
Getting the below error: ------------------------------
*syslog-ng: Error changing to Unknown syslog transport specified, please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
Could anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
we are using syslog-ng-3.3.7 version.
*If the below configuration is correct, will it work if we upgrade to newer version with the below configuration?*
I am using the below configuration in syslog-ng.conf: ======================================== options { stats_freq (0); flush_lines (0); time_reopen (10); log_fifo_size (10000); chain_hostnames (off); use_dns (no); create_dirs (no); keep_hostname (no); perm(0640); group("root"); };
# sources source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
filter f_remote { facility(local7); }; destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" transport("udp6"));}; log { source(s_all); filter(f_remote); destination(df_remote_0
Please help if there is any issue in the above configuration?
Regards, V/
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hello, I do not really have 3.3.7 version at my hand, so I did not really dig in if that version supports or not. Well it seems it is from v3.4.1, for this option you have to update at least to that. I do not see a reason why won't it work, and you could use stuff like system() source. -- Kokan On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks kokan for your reply,
I am getting the below error after making the change as you suggested *destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};*
Error: ===== Error parsing afsocket, inner-dest plugin ip-protocol not found in /etc/syslog-ng/syslog-ng.conf at line 45, column 78: destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
^^^^^^^^^^^ Please suggest.
Regards, V/
On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai <peter.kokai@oneidentity.com> wrote:
Hello,
The error message lists the correct transport methods: *please use one of udp, tcp, or tls;* There is no such option udp6, you could use specify ipv6 via ip-protocol(4/6)
All together syslog("::1" transport("udp") ip-protocol(6)); should work.
-- Kokan
On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Hi,
*issue*: syslog-ng is not starting if we configure IPV6 IP along with RFC-5424 format Using below command to run syslog-ng: /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p /var/syslog-ng.pid
Getting the below error: ------------------------------
*syslog-ng: Error changing to Unknown syslog transport specified, please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
Could anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
we are using syslog-ng-3.3.7 version.
*If the below configuration is correct, will it work if we upgrade to newer version with the below configuration?*
I am using the below configuration in syslog-ng.conf: ======================================== options { stats_freq (0); flush_lines (0); time_reopen (10); log_fifo_size (10000); chain_hostnames (off); use_dns (no); create_dirs (no); keep_hostname (no); perm(0640); group("root"); };
# sources source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
filter f_remote { facility(local7); }; destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" transport("udp6"));}; log { source(s_all); filter(f_remote); destination(df_remote_0
Please help if there is any issue in the above configuration?
Regards, V/
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Thanks for your reply, For *non RFC-5424* format, IPV6 config is as below and is working fine, with syslog-ng-3.3.7 version *destination df_remote_0 {udp6("::1");};* Hence we tried with the below config for RFC-5424 with IPV6: *destination df_remote_0 {syslog("::1**" transport("udp6"));};* and you mentioned there is no such protocol, which I agree with you. To let you know that, we have installed latest version of syslog-ng and the configuration mentioned by you as below is working. *destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};* But this same config is not working in syslog-ng-3.3.7 verision with RFC-5424.format and IPV6. My question is : *In syslog-ng-3.3.7 version, does RFC-5424 format supported with IPV6 ?* *If so could you please share the config ?* Please share you inputs for the version syslog-ng-3.3.7.? Thanks & Regards, V/ On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai <peter.kokai@oneidentity.com> wrote:
Hello,
I do not really have 3.3.7 version at my hand, so I did not really dig in if that version supports or not. Well it seems it is from v3.4.1, for this option you have to update at least to that.
I do not see a reason why won't it work, and you could use stuff like system() source.
-- Kokan
On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks kokan for your reply,
I am getting the below error after making the change as you suggested *destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};*
Error: ===== Error parsing afsocket, inner-dest plugin ip-protocol not found in /etc/syslog-ng/syslog-ng.conf at line 45, column 78: destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
^^^^^^^^^^^ Please suggest.
Regards, V/
On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai <peter.kokai@oneidentity.com> wrote:
Hello,
The error message lists the correct transport methods: *please use one of udp, tcp, or tls;* There is no such option udp6, you could use specify ipv6 via ip-protocol(4/6)
All together syslog("::1" transport("udp") ip-protocol(6)); should work.
-- Kokan
On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Hi,
*issue*: syslog-ng is not starting if we configure IPV6 IP along with RFC-5424 format Using below command to run syslog-ng: /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p /var/syslog-ng.pid
Getting the below error: ------------------------------
*syslog-ng: Error changing to Unknown syslog transport specified, please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
Could anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
we are using syslog-ng-3.3.7 version.
*If the below configuration is correct, will it work if we upgrade to newer version with the below configuration?*
I am using the below configuration in syslog-ng.conf: ======================================== options { stats_freq (0); flush_lines (0); time_reopen (10); log_fifo_size (10000); chain_hostnames (off); use_dns (no); create_dirs (no); keep_hostname (no); perm(0640); group("root"); };
# sources source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
filter f_remote { facility(local7); }; destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" transport("udp6"));}; log { source(s_all); filter(f_remote); destination(df_remote_0
Please help if there is any issue in the above configuration?
Regards, V/
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
HI Kokan, Could you please let me the info for my previous email? Regards, V/ On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks for your reply,
For *non RFC-5424* format, IPV6 config is as below and is working fine, with syslog-ng-3.3.7 version *destination df_remote_0 {udp6("::1");};* Hence we tried with the below config for RFC-5424 with IPV6: *destination df_remote_0 {syslog("::1**" transport("udp6"));};* and you mentioned there is no such protocol, which I agree with you.
To let you know that, we have installed latest version of syslog-ng and the configuration mentioned by you as below is working. *destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};* But this same config is not working in syslog-ng-3.3.7 verision with RFC-5424.format and IPV6.
My question is : *In syslog-ng-3.3.7 version, does RFC-5424 format supported with IPV6 ?* *If so could you please share the config ?*
Please share you inputs for the version syslog-ng-3.3.7.?
Thanks & Regards, V/
On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai <peter.kokai@oneidentity.com> wrote:
Hello,
I do not really have 3.3.7 version at my hand, so I did not really dig in if that version supports or not. Well it seems it is from v3.4.1, for this option you have to update at least to that.
I do not see a reason why won't it work, and you could use stuff like system() source.
-- Kokan
On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks kokan for your reply,
I am getting the below error after making the change as you suggested *destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};*
Error: ===== Error parsing afsocket, inner-dest plugin ip-protocol not found in /etc/syslog-ng/syslog-ng.conf at line 45, column 78: destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
^^^^^^^^^^^ Please suggest.
Regards, V/
On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai < peter.kokai@oneidentity.com> wrote:
Hello,
The error message lists the correct transport methods: *please use one of udp, tcp, or tls;* There is no such option udp6, you could use specify ipv6 via ip-protocol(4/6)
All together syslog("::1" transport("udp") ip-protocol(6)); should work.
-- Kokan
On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Hi,
*issue*: syslog-ng is not starting if we configure IPV6 IP along with RFC-5424 format Using below command to run syslog-ng: /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p /var/syslog-ng.pid
Getting the below error: ------------------------------
*syslog-ng: Error changing to Unknown syslog transport specified, please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
Could anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
we are using syslog-ng-3.3.7 version.
*If the below configuration is correct, will it work if we upgrade to newer version with the below configuration?*
I am using the below configuration in syslog-ng.conf: ======================================== options { stats_freq (0); flush_lines (0); time_reopen (10); log_fifo_size (10000); chain_hostnames (off); use_dns (no); create_dirs (no); keep_hostname (no); perm(0640); group("root"); };
# sources source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
filter f_remote { facility(local7); }; destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" transport("udp6"));}; log { source(s_all); filter(f_remote); destination(df_remote_0
Please help if there is any issue in the above configuration?
Regards, V/
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hello, Sorry to keep you hanging there. You could use *template* to get any kind of format you want, but for syslog there is also a flags option. Simply udo6( ... flags(syslog-protocol)); should be the same as syslog(...); -- Kokan On Sat, Sep 29, 2018 at 3:16 AM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
HI Kokan, Could you please let me the info for my previous email?
Regards, V/
On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks for your reply,
For *non RFC-5424* format, IPV6 config is as below and is working fine, with syslog-ng-3.3.7 version *destination df_remote_0 {udp6("::1");};* Hence we tried with the below config for RFC-5424 with IPV6: *destination df_remote_0 {syslog("::1**" transport("udp6"));};* and you mentioned there is no such protocol, which I agree with you.
To let you know that, we have installed latest version of syslog-ng and the configuration mentioned by you as below is working. *destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};* But this same config is not working in syslog-ng-3.3.7 verision with RFC-5424.format and IPV6.
My question is : *In syslog-ng-3.3.7 version, does RFC-5424 format supported with IPV6 ?* *If so could you please share the config ?*
Please share you inputs for the version syslog-ng-3.3.7.?
Thanks & Regards, V/
On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai <peter.kokai@oneidentity.com> wrote:
Hello,
I do not really have 3.3.7 version at my hand, so I did not really dig in if that version supports or not. Well it seems it is from v3.4.1, for this option you have to update at least to that.
I do not see a reason why won't it work, and you could use stuff like system() source.
-- Kokan
On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks kokan for your reply,
I am getting the below error after making the change as you suggested *destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};*
Error: ===== Error parsing afsocket, inner-dest plugin ip-protocol not found in /etc/syslog-ng/syslog-ng.conf at line 45, column 78: destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
^^^^^^^^^^^ Please suggest.
Regards, V/
On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai < peter.kokai@oneidentity.com> wrote:
Hello,
The error message lists the correct transport methods: *please use one of udp, tcp, or tls;* There is no such option udp6, you could use specify ipv6 via ip-protocol(4/6)
All together syslog("::1" transport("udp") ip-protocol(6)); should work.
-- Kokan
On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Hi,
*issue*: syslog-ng is not starting if we configure IPV6 IP along with RFC-5424 format Using below command to run syslog-ng: /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p /var/syslog-ng.pid
Getting the below error: ------------------------------
*syslog-ng: Error changing to Unknown syslog transport specified, please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
Could anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
we are using syslog-ng-3.3.7 version.
*If the below configuration is correct, will it work if we upgrade to newer version with the below configuration?*
I am using the below configuration in syslog-ng.conf: ======================================== options { stats_freq (0); flush_lines (0); time_reopen (10); log_fifo_size (10000); chain_hostnames (off); use_dns (no); create_dirs (no); keep_hostname (no); perm(0640); group("root"); };
# sources source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" program_override("kernel: ")); };
filter f_remote { facility(local7); }; destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" transport("udp6"));}; log { source(s_all); filter(f_remote); destination(df_remote_0
Please help if there is any issue in the above configuration?
Regards, V/
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi kokan, Thanks for your quick response. Will test the same and get back.. Regards Venkat On Sat 29 Sep, 2018, 15:34 Péter, Kókai, <peter.kokai@oneidentity.com> wrote:
Hello,
Sorry to keep you hanging there. You could use *template* to get any kind of format you want, but for syslog there is also a flags option. Simply udo6( ... flags(syslog-protocol)); should be the same as syslog(...);
-- Kokan
On Sat, Sep 29, 2018 at 3:16 AM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
HI Kokan, Could you please let me the info for my previous email?
Regards, V/
On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks for your reply,
For *non RFC-5424* format, IPV6 config is as below and is working fine, with syslog-ng-3.3.7 version *destination df_remote_0 {udp6("::1");};* Hence we tried with the below config for RFC-5424 with IPV6: *destination df_remote_0 {syslog("::1**" transport("udp6"));};* and you mentioned there is no such protocol, which I agree with you.
To let you know that, we have installed latest version of syslog-ng and the configuration mentioned by you as below is working. *destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};* But this same config is not working in syslog-ng-3.3.7 verision with RFC-5424.format and IPV6.
My question is : *In syslog-ng-3.3.7 version, does RFC-5424 format supported with IPV6 ?* *If so could you please share the config ?*
Please share you inputs for the version syslog-ng-3.3.7.?
Thanks & Regards, V/
On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai < peter.kokai@oneidentity.com> wrote:
Hello,
I do not really have 3.3.7 version at my hand, so I did not really dig in if that version supports or not. Well it seems it is from v3.4.1, for this option you have to update at least to that.
I do not see a reason why won't it work, and you could use stuff like system() source.
-- Kokan
On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks kokan for your reply,
I am getting the below error after making the change as you suggested *destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};*
Error: ===== Error parsing afsocket, inner-dest plugin ip-protocol not found in /etc/syslog-ng/syslog-ng.conf at line 45, column 78: destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
^^^^^^^^^^^ Please suggest.
Regards, V/
On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai < peter.kokai@oneidentity.com> wrote:
Hello,
The error message lists the correct transport methods: *please use one of udp, tcp, or tls;* There is no such option udp6, you could use specify ipv6 via ip-protocol(4/6)
All together syslog("::1" transport("udp") ip-protocol(6)); should work.
-- Kokan
On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
> Hi, > > *issue*: syslog-ng is not starting if we configure IPV6 IP along > with RFC-5424 format > Using below command to run syslog-ng: > /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R > /var/syslog-ng.persist -p /var/syslog-ng.pid > > Getting the below error: > ------------------------------ > > *syslog-ng: Error changing to Unknown syslog transport specified, > please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'* > > Could anyone please let me know what should be the configuration in > syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format. > > we are using syslog-ng-3.3.7 version. > > *If the below configuration is correct, will it work if we upgrade > to newer version with the below configuration?* > > I am using the below configuration in syslog-ng.conf: > ======================================== > options { > stats_freq (0); > flush_lines (0); > time_reopen (10); > log_fifo_size (10000); > chain_hostnames (off); > use_dns (no); > create_dirs (no); > keep_hostname (no); > perm(0640); > group("root"); > }; > > > # sources > source s_all { > internal(); > unix-stream("/dev/log"); > file("/proc/kmsg" program_override("kernel: ")); > }; > > > filter f_remote { facility(local7); }; > destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" > transport("udp6"));}; > log { source(s_all); filter(f_remote); destination(df_remote_0 > > Please help if there is any issue in the above configuration? > > Regards, > V/ > > ______________________________________________________________________________ > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng > Documentation: > http://www.balabit.com/support/documentation/?product=syslog-ng > FAQ: http://www.balabit.com/wiki/syslog-ng-faq > > ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi Kokan, Thanks for your help and support, the change is working fine now. Thanks a lot. Also I have another issue with syslog-ng 3.3.7 version: ------------------------------------------------------------------------ *when configured both IPV4 and IPV6 syslog server IP's, I could see syslog-ng messages going to only one either IPV4 or IPV6 syslog-ng server and that too the latest server IP configured only.* Is there any known issue ? struggling from a long time for this issue also . Please help me on this. Regards, Venkat. On Mon, Oct 1, 2018 at 10:10 AM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Hi kokan, Thanks for your quick response. Will test the same and get back..
Regards Venkat
On Sat 29 Sep, 2018, 15:34 Péter, Kókai, <peter.kokai@oneidentity.com> wrote:
Hello,
Sorry to keep you hanging there. You could use *template* to get any kind of format you want, but for syslog there is also a flags option. Simply udo6( ... flags(syslog-protocol)); should be the same as syslog(...);
-- Kokan
On Sat, Sep 29, 2018 at 3:16 AM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
HI Kokan, Could you please let me the info for my previous email?
Regards, V/
On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks for your reply,
For *non RFC-5424* format, IPV6 config is as below and is working fine, with syslog-ng-3.3.7 version *destination df_remote_0 {udp6("::1");};* Hence we tried with the below config for RFC-5424 with IPV6: *destination df_remote_0 {syslog("::1**" transport("udp6"));};* and you mentioned there is no such protocol, which I agree with you.
To let you know that, we have installed latest version of syslog-ng and the configuration mentioned by you as below is working. *destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};* But this same config is not working in syslog-ng-3.3.7 verision with RFC-5424.format and IPV6.
My question is : *In syslog-ng-3.3.7 version, does RFC-5424 format supported with IPV6 ?* *If so could you please share the config ?*
Please share you inputs for the version syslog-ng-3.3.7.?
Thanks & Regards, V/
On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai < peter.kokai@oneidentity.com> wrote:
Hello,
I do not really have 3.3.7 version at my hand, so I did not really dig in if that version supports or not. Well it seems it is from v3.4.1, for this option you have to update at least to that.
I do not see a reason why won't it work, and you could use stuff like system() source.
-- Kokan
On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri < venkates.vin@gmail.com> wrote:
Thanks kokan for your reply,
I am getting the below error after making the change as you suggested *destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};*
Error: ===== Error parsing afsocket, inner-dest plugin ip-protocol not found in /etc/syslog-ng/syslog-ng.conf at line 45, column 78: destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
^^^^^^^^^^^ Please suggest.
Regards, V/
On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai < peter.kokai@oneidentity.com> wrote:
> Hello, > > The error message lists the correct transport methods: *please use > one of udp, tcp, or tls;* > There is no such option udp6, you could use specify ipv6 via > ip-protocol(4/6) > > All together syslog("::1" transport("udp") ip-protocol(6)); should > work. > > -- > Kokan > > On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri < > venkates.vin@gmail.com> wrote: > >> Hi, >> >> *issue*: syslog-ng is not starting if we configure IPV6 IP along >> with RFC-5424 format >> Using below command to run syslog-ng: >> /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R >> /var/syslog-ng.persist -p /var/syslog-ng.pid >> >> Getting the below error: >> ------------------------------ >> >> *syslog-ng: Error changing to Unknown syslog transport specified, >> please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'* >> >> Could anyone please let me know what should be the configuration in >> syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format. >> >> we are using syslog-ng-3.3.7 version. >> >> *If the below configuration is correct, will it work if we upgrade >> to newer version with the below configuration?* >> >> I am using the below configuration in syslog-ng.conf: >> ======================================== >> options { >> stats_freq (0); >> flush_lines (0); >> time_reopen (10); >> log_fifo_size (10000); >> chain_hostnames (off); >> use_dns (no); >> create_dirs (no); >> keep_hostname (no); >> perm(0640); >> group("root"); >> }; >> >> >> # sources >> source s_all { >> internal(); >> unix-stream("/dev/log"); >> file("/proc/kmsg" program_override("kernel: ")); >> }; >> >> >> filter f_remote { facility(local7); }; >> destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" >> transport("udp6"));}; >> log { source(s_all); filter(f_remote); destination(df_remote_0 >> >> Please help if there is any issue in the above configuration? >> >> Regards, >> V/ >> >> ______________________________________________________________________________ >> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng >> Documentation: >> http://www.balabit.com/support/documentation/?product=syslog-ng >> FAQ: http://www.balabit.com/wiki/syslog-ng-faq >> >> > ______________________________________________________________________________ > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng > Documentation: > http://www.balabit.com/support/documentation/?product=syslog-ng > FAQ: http://www.balabit.com/wiki/syslog-ng-faq > > ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
Péter, Kókai
-
venkateswarlu vinjamuri