Syslog-ng OpenBSD Problems
Hello,

I run syslog-ng-1.5.24 on OpenBSD 3.4 sparc64. I have some problems, it's not working the way I want it. My config looks like this:

    options { long_hostnames(off); chain_hostnames(off); use_fqdn (yes); sync(0); };
    source s_udp { udp(); };
    destination test { file("/var/log/info"); };
    log { source(s_udp); destination(test); };

No biggie at all.

tail -f /var/log/info shows:

    Apr 28 16:23:18 syslog/syslog 1552866: Apr 28 16:42:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1:14, changed state to down
    Apr 28 16:23:23 syslog/syslog 1552872: Apr 28 16:42:24: %LINK-3-UPDOWN: Interface Serial1/0:2, changed state to down

There is no router source IP, just syslog/syslog. "syslog" is the name of the logging box:

    # uname -a
    OpenBSD syslog.srv.test.com 3.4 GENERIC#85 sparc64

When I run that box with the normal syslogd, the source IP gets shown. Even when I erase all options in syslog-ng.conf:

    source s_udp { udp(); };
    destination test { file("/var/log/info"); };
    log { source(s_udp); destination(test); };

the source IP never comes in. I just want the source IP, no DNS name, nothing. Any ideas?

Greets
Johannes
Hi,

check these options out...
http://www.balabit.com/products/syslog_ng/reference/x601.html:

    options { use_fqdn(no); use_dns(no); dns_cache(no); keep_hostname(yes); long_hostnames(off); sync(1); };

You have to disable these options as shown above. Hope this helps...

/me
Hello me,

Thanks for your fast reply. But to be honest I had no luck :-(

    # cat /etc/test
    options { use_fqdn(no); use_dns(no); dns_cache(no); keep_hostname(yes); long_hostnames(off); sync(1); };
    source s_udp { udp(); };
    destination smc { file("/var/log/info"); };
    log { source(s_udp); destination(smc); };
    # syslog-ng -f /etc/test
    Warning: No source refers to internal messages, they'll go to /dev/null
    # tail -f /var/log/info
    Apr 28 19:31:01 syslog 62784: Apr 28 19:50:02: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.168.163.1(3381) -> 255.255.255.255(712), 1 packet
    Apr 28 19:31:01 syslog 1562183: Apr 28 19:50:03: %ISDN-6-CONNECT: Interface Serial1/1:27 is now connected to 0800321321 test32ABC
    Apr 28 19:31:02 syslog 1562184: Apr 28 19:50:03: %LINK-3-UPDOWN: Interface Async163, changed state to up
    Apr 28 19:31:07 syslog 1562188: Apr 28 19:50:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1:14, changed state to up
    Apr 28 19:31:08 syslog 163080: Apr 28 17:50:09: %SEC-6-IPACCESSLOGP: list 150 denied udp 10.150.9.3(4031) -> 255.255.255.255(161), 1 packet

As you can see I have done everything you told me, I always get the same problem. This is a standard installation of OpenBSD, no special changes were made, nothing.

Any more ideas?

Greets
Johannes

On Wed, 28 Apr 2004 18:54:16 +0200 (MEST) "me" <e.diot@gmx.net> wrote:
Hi,
check these options out...
http://www.balabit.com/products/syslog_ng/reference/x601.html:
options { use_fqdn(no); use_dns(no); dns_cache(no); keep_hostname(yes); long_hostnames(off); sync(1); };
You have to disable these options as shown above. Hope this helps...
/me
Hi again,

Warning: No source refers to internal messages, they'll go to /dev/null

To get rid of this, enable the option "internal()" within your source definition..
(http://www.balabit.com/products/syslog_ng/reference/reference.html).

<from the reference doc>
All internally generated messages "come" from this special source. If you want warnings, errors and notices from syslog-ng itself, you have to include this source in one of your source statements.

Declaration: internal()

Syslog-ng will issue a warning upon startup, if this driver is not referenced.
</from the reference doc>

Be sure to chain_hostnames() also...

<from the reference doc>
The name of the source host where the message is originated from. If the message traverses several hosts, and chain_hostnames() is on, the first one is used.
</from the reference doc>

If you run syslog-ng v1.5.3 or higher, you can define templates for the messages to be generated by syslog: template()

<from the reference doc>
Specifies a template which specifies the logformat to be used in this file. The possible macros are the same as in destination filenames.
</from the reference doc>

Here an example:

    destination all { file("/var/adm/all.log" template("$DATE $HOST [$FACILITY.$LEVEL] $MSG\n") ); };

Hope this helps this time.. :-)

/me
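What the poster is asking for, as an added example (not from the thread and not syslog-ng code): a receiver that fills the host column from the peer address returned by recvfrom() instead of trusting any hostname in the payload, laid out like the template in the reply above. The `<PRI>` values and the 192.0.2.10 router address are constructed, and `split_pri`, `render` and `serve` are hypothetical names.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron "
              "authpriv ftp ntp audit alert clock").split() + [f"local{i}" for i in range(8)]
LEVELS = "emerg alert crit err warning notice info debug".split()


def split_pri(datagram: bytes):
    """Return (pri, rest). RFC 3164: a missing or invalid <PRI> is treated as 13 (user.notice)."""
    end = datagram.find(b">", 1, 5)
    if datagram[:1] == b"<" and end != -1 and datagram[1:end].isdigit():
        pri = int(datagram[1:end])
        if pri <= 191:
            return pri, datagram[end + 1:]
    return 13, datagram


def render(datagram: bytes, peer, received: datetime) -> str:
    """Build "$DATE $HOST [$FACILITY.$LEVEL] $MSG" with $HOST taken from the socket peer."""
    pri, rest = split_pri(datagram)
    text = rest.decode("ascii", "replace").rstrip("\r\n\x00")
    # The payload is untrusted: flatten control characters so it cannot forge extra log lines.
    text = "".join(c if c.isprintable() else " " for c in text)
    date = f"{MONTHS[received.month - 1]} {received.day:2d} {received:%H:%M:%S}"
    return f"{date} {peer[0]} [{FACILITIES[pri >> 3]}.{LEVELS[pri & 7]}] {text}"


def serve(bind_addr=("0.0.0.0", 514), path="/var/log/info"):
    """Receive loop: recvfrom() supplies the sender address for every datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock, open(path, "a") as out:
        sock.bind(bind_addr)
        while True:
            datagram, peer = sock.recvfrom(8192)
            out.write(render(datagram, peer, datetime.now()) + "\n")
            out.flush()


# Constructed datagrams: message text from the thread, <PRI> values assumed (local7);
# the sender address 192.0.2.10 used below is a placeholder for the router.
SAMPLES = [
    b"<190>62784: Apr 28 19:50:02: %SEC-6-IPACCESSLOGP: list 150 denied udp "
    b"192.168.163.1(3381) -> 255.255.255.255(712), 1 packet",
    b"<187>1562184: Apr 28 19:50:03: %LINK-3-UPDOWN: Interface Async163, changed state to up",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(render(sample, ("192.0.2.10", 514), datetime(2004, 4, 28, 19, 31, 1)))
```

The peer address is only as trustworthy as the network path, since UDP syslog senders are not authenticated.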
Thx again me,

but I don't care about internal messages, I just want to get the remote ones from my routers, but with the source IP. Even when I add chain_hostnames(yes) I can't get the router's IP, nothing at all, I always get my localhost's name :-(

Any more ideas?

Salü
Johannes

On Thu, 29 Apr 2004 07:28:00 +0200 (MEST) "me" <e.diot@gmx.net> wrote:
Hi again,
Warning: No source refers to internal messages, they'll go to /dev/null
To get rid of this, enable the option "internal()" within your source definition..
(http://www.balabit.com/products/syslog_ng/reference/reference.html).
<from the reference doc> All internally generated messages "come" from this special source. If you want warnings, errors and notices from syslog-ng itself, you have to include this source in one of your source statements.
Declaration: internal()
Syslog-ng will issue a warning upon startup, if this driver is not referenced. </from the reference doc>
Be sure to chain_hostnames() also... <from the reference doc> The name of the source host where the message is originated from. If the message traverses several hosts, and chain_hostnames() is on, the first one is used. </from the reference doc>
If you run syslog-ng v1.5.3 or higher, you can define templates for the messages to be generated by syslog: template()
<from the reference doc> Specifies a template which specifies the logformat to be used in this file. The possible macros are the same as in destination filenames. </from the reference doc>
Here an example:
destination all { file("/var/adm/all.log" template("$DATE $HOST [$FACILITY.$LEVEL] $MSG\n") ); };
Hope this helps this time.. :-) /me
participants (2)
- Johannes Geier
- me