Netscreen fw logs not piped in mysql
Hi,

I'm close to giving up and have the following problem:

* Netscreen Firewalls (Screen OS 5.1r3 & 4.1)
* Syslog-ng [&php-syslog-ng]

My system is Debian sarge, syslog-ng 1.6.5

a) Unix syslog entries are stored correctly in the mysql database (and textfile), all seems fine!
b) Netscreen syslog infos are logged as expected in the txt file (see attach)
c) [PROBLEM] but logging in mysql is not working, got the following message from my pipe script

ERROR at line 1: Unknown command '\"'.
ERROR at line 1: Unknown command '\"'.
ERROR at line 1: Unknown command '\"'.

Maybe a truncating problem?

Seems related to the following questions, but unfortunately I never found a solution:
https://lists.balabit.hu/pipermail/syslog-ng/2004-November/006678.html
http://www.experts-exchange.com/Security/Unix_Security/Q_21077259.html
http://www.netscreenforum.com/viewtopic.php?t=1209&highlight=syslogng

I followed mostly these instructions:
http://gentoo-wiki.com/HOWTO_setup_PHP-Syslog-NG

Hope somebody can help me and has an idea or solution.

Many thanks in advance

Cheers
Christian

----------------------------------------------------
e.g. syslog

Apr 25 14:08:38 172.29.8.2 co-gw: NetScreen device_id=co-gw system-notification-00257(traffic): start_time="2005-04-25 13:08:37" duration=0 policy_id=320001 service=udp/port:1985 proto=17 src zone=Null dst zone=self action=Deny sent=0 rcvd=48 src=195.122.33.7 dst=224.0.0.2 src_

Apr 25 14:08:38 196.35.45.2 co-gw: NetScreen device_id=co-gw system-notification-00257(traffic): start_time="2005-04-25 13:08:37" duration=0 policy_id=320001 service=proto:88/port:0 proto=88 src zone=Null dst zone=self action=Deny sent=0 rcvd=60 src=172.30.7.1 dst=224.0.0.10

----------------------------------------------------
or e.g. sep. file via filter

destination firewalls { file("/var/log/netscreen"); };
filter f_firewalls { facility(local7); };
log { source(s_all); filter(f_firewalls); destination(firewalls); };

Apr 25 17:45:06 172.29.5.163 ns5gt: NetScreen device_id=ns5gt [Root]system-information-00524: SNMP request from an unknown SNMP community at 172.29.5.146:32862 has been received. (2005-04-25 17:57:41)

----------------------------------------------------
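The NetScreen lines quoted above carry double-quoted values such as start_time="...". As an added example (not part of the original thread and not the poster's pipe script), this Python code parses that key=value layout and stores the result through bound parameters, so quote characters in the message are handled as data rather than SQL. sqlite3 stands in for MySQL here, and the table and column names are assumptions.

```python
import re
import sqlite3

# Constructed sample: the second traffic line quoted in the post above.
SAMPLE = (
    'Apr 25 14:08:38 196.35.45.2 co-gw: NetScreen device_id=co-gw '
    'system-notification-00257(traffic): start_time="2005-04-25 13:08:37" '
    'duration=0 policy_id=320001 service=proto:88/port:0 proto=88 '
    'src zone=Null dst zone=self action=Deny sent=0 rcvd=60 '
    'src=172.30.7.1 dst=224.0.0.10'
)

# Syslog header as written to the text file: timestamp, host, tag, message.
HEADER = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:\s]+): (.*)$')
# key=value pairs; "src zone"/"dst zone" contain a space, values may be quoted.
PAIR = re.compile(r'((?:src|dst) zone|\w+)=("[^"]*"|\S*)')


def parse(line):
    """Split one line into header parts and a dict of NetScreen fields."""
    m = HEADER.match(line.strip())
    if m is None:
        return None  # not a syslog line in the expected layout
    stamp, host, tag, msg = m.groups()
    fields = {key: value.strip('"') for key, value in PAIR.findall(msg)}
    return {"stamp": stamp, "host": host, "tag": tag, "msg": msg, "fields": fields}


def open_db():
    """In-memory table; the column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logs (host TEXT, tag TEXT, stamp TEXT, "
               "action TEXT, src TEXT, dst TEXT, msg TEXT)")
    return db


def store(db, rec):
    """Insert with bound parameters, so quotes in msg stay data, not SQL."""
    f = rec["fields"]
    db.execute("INSERT INTO logs VALUES (?, ?, ?, ?, ?, ?, ?)",
               (rec["host"], rec["tag"], rec["stamp"],
                f.get("action"), f.get("src"), f.get("dst"), rec["msg"]))


if __name__ == "__main__":
    db = open_db()
    store(db, parse(SAMPLE))
    print(db.execute("SELECT host, action, src, dst FROM logs").fetchall())
```
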
RESOLVED, resp. kind of fixed in upstream [Debian 1.6.7-1]

* Upgrade to "1.6.7" fixed the problem !!!

FYI:
* first tried upgrade to Debian Package "1.6.5-2.2"
  Still PROBLEM ... nothing else changed = bug in 1.6.5 as expected from rmkml

Thanks
Christian

---------------------
On 4/25/05, Rmkml wrote

Hi Christian,
please update syslog-ng v1.6.6 and retest
Regards
Rmkml

---------------------
On 4/25/05, Christian Janssen wrote:
....
* Netscreen Firewalls (Screen OS 5.1r3 & 4.1)
My System is Debian sarge, syslog-ng 1.6.5
a) Unix syslog entries are stored correctly in mysql database (and textfile) all seems fine !
b) Netscreen syslog infos are logged as expected in txt file (see attach)
c) [PROBLEM] but logging in mysql are not working, got following message from my pipe script
ERROR at line 1: Unknown command '\"'.
ERROR at line 1: Unknown command '\"'.
ERROR at line 1: Unknown command '\"'.
...
participants (1)
-
Christian Janssen