I am running syslog-ng 1.6.8 on Solaris 9. I recompiled with the --enable-spoof-source configure option.
Here is my config:
destination d_squelch_acl { udp("10.159.234.52" port(514) spoof_source(yes)); };
filter f_squelch_acl { match("list squelch denied"); };
log { source(net); filter(f_squelch_acl); destination(d_squelch_acl);};
source net { udp(); };
If I start syslog-ng without spoof_source(yes) option, all messages matching are forwarded to the machine in the destination. If I change to spoof_source(yes) nothing gets forwarded at all. I do not get any errors when I start syslog-ng, like "spoof-source support not compiled in" which I get on other boxes I have not recompiled on yet.
Any ideas?
Chance
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
When you run the configure, did you get this in the result?
checking whether to enable spoof_source support....... yes
Sometimes it does not find the library where it is supposed to be. Your config looks OK. Can you confirm this?
best regards
Gerardo Amaya
Here is the output of a configure and make. Am I missing something?
# ./configure --enable-spoof-source --with-libnet=/usr/include/libnet --with-libol=/usr/local/bin
# make
# make install
On 10/4/05, Gerardo Amaya <joseg@galileo.edu> wrote:
When you run the configure, did you get this in the result?
checking whether to enable spoof_source support....... yes
Sometimes it does not find the library where it is supposed to be. Your config looks OK. Can you confirm this?
best regards
Gerardo Amaya
Here is just a snippet from the configure output:
checking pthread.h presence... yes
checking for pthread.h... yes
checking for pthread_create in -lpthread... yes
checking whether to enable Sun STREAMS support... yes
checking whether to enable Sun door support... yes
checking whether to enable TCP wrapper support... no
checking whether to enable spoof_source support... yes
checking how to enable static linking for certain libraries... no clues, linking everything dynamically, please send appropriate ld arguments to syslog-ng@lists.balabit.hu
checking libol version >= 0.3.16... ok
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/tests/Makefile
config.status: creating doc/Makefile
config.status: creating doc/sgml/Makefile
config.status: creating contrib/Makefile
config.status: creating syslog-ng.spec
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
Am I still missing something? This works on my Solaris 8 server, but not on my Solaris 9 box.
Thanks!
On 10/4/05, Gerardo Amaya <joseg@galileo.edu> wrote:
When you run the configure, did you get this in the result?
checking whether to enable spoof_source support....... yes
Sometimes it does not find the library where it is supposed to be. Your config looks OK. Can you confirm this?
best regards
Gerardo Amaya
Has anyone else had problems doing spoof_source on Solaris 9???
On 10/4/05, Chance Ellis <chance.ellis@gmail.com> wrote:
Here is just a snippet from the configure output:
checking pthread.h presence... yes
checking for pthread.h... yes
checking for pthread_create in -lpthread... yes
checking whether to enable Sun STREAMS support... yes
checking whether to enable Sun door support... yes
checking whether to enable TCP wrapper support... no
checking whether to enable spoof_source support... yes
checking how to enable static linking for certain libraries... no clues, linking everything dynamically, please send appropriate ld arguments to syslog-ng@lists.balabit.hu
checking libol version >= 0.3.16... ok
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/tests/Makefile
config.status: creating doc/Makefile
config.status: creating doc/sgml/Makefile
config.status: creating contrib/Makefile
config.status: creating syslog-ng.spec
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
Am I still missing something? This works on my Solaris 8 server, but not on my Solaris 9 box.
Thanks!
On 10/4/05, Gerardo Amaya <joseg@galileo.edu> wrote:
When you run the configure, did you get this in the result?
checking whether to enable spoof_source support....... yes
Sometimes it does not find the library where it is supposed to be. Your config looks OK. Can you confirm this?
best regards
Gerardo Amaya
Can someone please point me in a direction on where I could get some help with this?
On 10/6/05, Chance Ellis <chance.ellis@gmail.com> wrote:
Has anyone else had problems doing spoof_source on Solaris 9???
On 10/4/05, Chance Ellis <chance.ellis@gmail.com> wrote:
Here is just a snippet from the configure output:
checking pthread.h presence... yes
checking for pthread.h... yes
checking for pthread_create in -lpthread... yes
checking whether to enable Sun STREAMS support... yes
checking whether to enable Sun door support... yes
checking whether to enable TCP wrapper support... no
checking whether to enable spoof_source support... yes
checking how to enable static linking for certain libraries... no clues, linking everything dynamically, please send appropriate ld arguments to syslog-ng@lists.balabit.hu
checking libol version >= 0.3.16... ok
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/tests/Makefile
config.status: creating doc/Makefile
config.status: creating doc/sgml/Makefile
config.status: creating contrib/Makefile
config.status: creating syslog-ng.spec
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
Am I still missing something? This works on my Solaris 8 server, but not on my Solaris 9 box.
Thanks!
On 10/4/05, Gerardo Amaya <joseg@galileo.edu> wrote:
When you run the configure, did you get this in the result?
checking whether to enable spoof_source support....... yes
Sometimes it did not find the library where it is supposed to be. Your config looks ok. Can you confirm this?
best regards
Gerardo Amaya
I'd just compile it on Solaris 8 and copy the binary over to the Solaris 9 box until a fix was found (or never bother).
On Tue, Oct 11, 2005 at 03:27:38PM -0400, Chance Ellis wrote:
Can someone please point me in a direction on where I could get some help with this?
On 10/6/05, Chance Ellis <chance.ellis@gmail.com> wrote:
Has anyone else had problems doing spoof_source on Solaris 9???
-- Nate "The mind is everything. What you think you become." - Buddha
Nate,
Thanks for replying. I did try that but I get the same results... UDP destinations work until I add the spoof_source to the destination.
How does the spoof_source work? Does it call some external library that I have the wrong version of on the Solaris9 boxes? What about lex? I also ran debug on the syslog-ng runtime and it just spews a bunch of senseless info. Might it be helpful if I post that?
Thanks for your help!
On 10/11/05, Nate Campi <nate@campin.net> wrote:
I'd just compile it on Solaris 8 and copy the binary over to the Solaris 9 box until a fix was found (or never bother).
On Tue, 2005-10-11 at 22:50 -0400, Chance Ellis wrote:
Nate,
Thanks for replying. I did try that but I get the same results... UDP destinations work until I add the spoof_source to the destination.
How does the spoof_source work? Does it call some external library that I have the wrong version of on the Solaris9 boxes? What about lex? I also ran debug on the syslog-ng runtime and it just spews a bunch of senseless info. Might it be helpful if I post that?
It uses libnet to generate output packets. You might try to truss syslog-ng as it tries to send a spoofed source packet and see what it does.
-- Bazsi
Ok,
I copied the Solaris 8 libnet-config file to the /tmp/foo folder on Solaris 9. I then ran:
LD_LIBRARY_PATH=/tmp/foo:$LD_LIBRARY_PATH truss /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -F &
I get the same result... Whenever I apply the spoof_source(yes) to the config I do not get any messages forwarded to the destination. If I remove the spoof_source(yes) messages flow but with the source IP address from the syslog-ng server...
The truss output is quite huge! Is there any piece of the truss output that would help me to troubleshoot this? Is libnet-config the only thing I need or do I need something in addition to libnet-config?
Thanks for all of your help!
On 10/13/05, Balazs Scheidler <bazsi@balabit.hu> wrote:
it uses libnet to generate output packets. you might try to truss syslog-ng as it tries to send a spoofed source packet and see what it does.
-- Bazsi
On Thu, 2005-10-13 at 15:57 -0400, Chance Ellis wrote:
Ok,
I copied the Solaris 8 libnet-config file to the /tmp/foo folder on Solaris 9. I then ran:
LD_LIBRARY_PATH=/tmp/foo:$LD_LIBRARY_PATH truss /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -F &
I get the same result... Whenever I apply the spoof_source(yes) to the config I do not get any messages forwarded to the destination. If I remove the spoof_source(yes) messages flow but with the source IP address from the syslog-ng server...
The truss output is quite huge! Is there any piece of the truss output that would help me to troubleshoot this? Is libnet-config the only thing I need or do I need something in addition to libnet-config?
libnet-config is not used at all while running syslog-ng, it is a build-time script that is invoked to query header location and linking information about the libnet library.
libnet is usually linked statically, so there's no point in setting LD_LIBRARY_PATH either, you can check which one syslog-ng is using by using "ldd" and/or checking if you have a libnet.a file (static), or libnet.so file (dynamic), or both. If you have both, the linking parameters determine which one is used by syslog-ng, in this case ldd should tell you the truth.
To analyze the truss path, you should look for the pattern of the message that should be sent out with a spoofed source address, and then you should see system calls like recvmsg() when the message is received and either send() or write() when it is sent. libnet uses raw sockets to send messages, syslog-ng is probably opening AF_INET, SOCK_RAW sockets in that case. Although Solaris uses socket emulation and thus the actual system calls you see in the truss output might not be the same as in Linux, this is pretty straightforward.
By the way, it might be easier to analyze the truss output if you are running a syslog-ng instance which does not actually deliver a lot of messages, but only a single one, this way the truss output will not be so large.
-- Bazsi
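One way to apply the advice above to a large truss log, as an added example that is not part of the thread: the filter below tracks raw sockets and reports whether a received message was followed by a send on one of them. The syscall spellings (so_socket, recvmsg, sendto, Err#N) are assumptions about Solaris truss output, and both sample excerpts are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example, not from the thread. Syscall spellings are assumptions
# about truss output; adjust the patterns to what your log shows.

# Summarise the spoofed-send path from truss lines on stdin.
raw_send_summary() {
    awk '
    { sub(/^[0-9]+:[ \t]*/, "") }              # drop "pid:" prefix, if any
    /^(so_)?socket\(/ && /SOCK_RAW/ {          # raw socket requested (libnet)
        if ($0 ~ /Err#/) { raw_fail++; if (err == "") err = $0 }
        else { raw[$NF] = 1; raw_open++ }      # remember the returned fd
        next
    }
    /^recv(msg|from)?\(/ && !/Err#/ { recv++; next }   # message received
    /^(send|sendto|sendmsg|write)\(/ {
        fd = $0
        sub(/^[a-z]+\(/, "", fd); sub(/,.*/, "", fd)   # first argument = fd
        if (!(fd in raw)) next                 # only sends on a raw socket
        if ($0 ~ /Err#/) { send_fail++; if (err == "") err = $0 }
        else raw_send++
    }
    END {
        printf "recv=%d raw_open=%d raw_fail=%d raw_send=%d send_fail=%d\n",
               recv, raw_open, raw_fail, raw_send, send_fail
        if (err != "") print "first_error: " err
    }'
}

# Constructed excerpts: one where the spoofed packet leaves, one where it fails.
sample_ok() {
cat <<'EOF'
so_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, "", SOV_DEFAULT) = 4
recvmsg(4, 0xFFBFE8A0, 0)                       = 58
so_socket(PF_INET, SOCK_RAW, IPPROTO_RAW, "", SOV_DEFAULT) = 5
sendto(5, 0x000A1B20, 86, 0, 0xFFBFE7C0, 16)    = 86
EOF
}
sample_failed() {
cat <<'EOF'
recvmsg(4, 0xFFBFE8A0, 0)                       = 58
so_socket(PF_INET, SOCK_RAW, IPPROTO_RAW, "", SOV_DEFAULT) = 5
sendto(5, 0x000A1B20, 86, 0, 0xFFBFE7C0, 16)    Err#22 EINVAL
EOF
}

# Real use: raw_send_summary < your-truss-output-file
sample_failed | raw_send_summary
```

A result with recv above zero but raw_open and raw_send at zero means the spoofing path was never reached; a first_error line points at the call to investigate.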
participants (4)
- Balazs Scheidler
- Chance Ellis
- Gerardo Amaya
- Nate Campi