Hi

I get some unwanted logging from strange hosts....

The syslog-ng.conf file looks like:

    options {
        use_fqdn(yes);
        keep_hostname(yes);
        use_dns(yes);
        long_hostnames(off);
        sync(0);
        log_fifo_size(1000);
    };

    source all {
        sun-streams ("/dev/log" door("/etc/.syslog_door"));
        internal();
        udp();
    };

    destination hosts {
        file("/var/syslog/hosts/$HOST/$FACILITY_$YEAR-$MONTH-$DAY"
             owner(root) group(root) perm(0600) dir_perm(0700)
             create_dirs(yes));
    };

    log { source(all); destination(hosts); };

An example of unwanted "hosts" directories in the /var/syslog/hosts directory:

    0x0.0x5da74da
    0x0.0x5dc3cea
    0x0.0x5dc3d5a
    0x0.0x5dc4077
    0x0.0x5dca334
    0x0.0x5dcea7a
    0x0.0x637fb77
    0x0.0x642bad8
    0x0.0x64c5ea8

An example of correct hosts directories in the /var/syslog/hosts directory looks like this:

    trillian.student.bth.se
    trumma.bth.se
    viking.student.bth.se
    viola.bth.se
    violin.bth.se
    vogonjeltz.student.bth.se
    voyager.student.bth.se
    vroomfondel.student.bth.se
    zaphod.student.bth.se

Is there some internal logging, or what is it coming from?

A minor problem is that I have "long_hostnames" set to off and it is still logging with long hostnames.... any guess?

Best Regards
--
Bengt Olsson
Blekinge Tekniska Högskola
Datorenheten
Campus Gräsvik
Vallhallavägen 1
371 79 Karlskrona
Mail: bol@bth.se
Tel: 0455-385152
Mobil: 0708-787 780

On Tue, Sep 17, 2002 at 02:31:46PM +0200, BENGT OLSSON wrote:
> Hi
> I get some unwanted logging from strange hosts....
> The syslog-ng.conf file looks like:
>
>     options {
>         use_fqdn(yes);
>         keep_hostname(yes);
>         use_dns(yes);
>         long_hostnames(off);
>         sync(0);
>         log_fifo_size(1000);
>     };
>
>     source all {
>         sun-streams ("/dev/log" door("/etc/.syslog_door"));
>         internal();
>         udp();
>     };
>
>     destination hosts {
>         file("/var/syslog/hosts/$HOST/$FACILITY_$YEAR-$MONTH-$DAY"
>              owner(root) group(root) perm(0600) dir_perm(0700)
>              create_dirs(yes));
>     };
>
>     log { source(all); destination(hosts); };
>
> An example of unwanted "hosts" directories in the /var/syslog/hosts directory:
>
>     0x0.0x5da74da
>     0x0.0x5dc3cea
>     0x0.0x5dc3d5a
>     0x0.0x5dc4077
>     0x0.0x5dca334
>     0x0.0x5dcea7a
>     0x0.0x637fb77
>     0x0.0x642bad8
>     0x0.0x64c5ea8

One of your devices sends messages with a bogus hostname part, and keep_hostname() keeps those.

1) turn off keep_hostname()
2) stop those hosts sending hostnames like those above

> An example of correct hosts directories in the /var/syslog/hosts directory looks like this:
>
>     trillian.student.bth.se
>     trumma.bth.se
>     viking.student.bth.se
>     viola.bth.se
>     violin.bth.se
>     vogonjeltz.student.bth.se
>     voyager.student.bth.se
>     vroomfondel.student.bth.se
>     zaphod.student.bth.se
>
> Is there some internal logging, or what is it coming from?
> A minor problem is that I have "long_hostnames" set to off and it is still logging with long hostnames.... any guess?

long_hostnames() is an alias to chain_hostnames(); try use_fqdn() instead.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

On Tue, Sep 17, 2002 at 03:45:57PM +0200, Balazs Scheidler wrote:
> On Tue, Sep 17, 2002 at 02:31:46PM +0200, BENGT OLSSON wrote:
> > I get some unwanted logging from strange hosts....
> > An example of unwanted "hosts" directories in the /var/syslog/hosts directory:
> >
> >     0x0.0x5da74da
> >     0x0.0x5dc3cea
> >     0x0.0x5dc3d5a
> >     0x0.0x5dc4077
> >     0x0.0x5dca334
> >     0x0.0x5dcea7a
> >     0x0.0x637fb77
> >     0x0.0x642bad8
> >     0x0.0x64c5ea8
>
> One of your devices sends messages with a bogus hostname part, and keep_hostname() keeps those.
>
> 1) turn off keep_hostname()
> 2) stop those hosts sending hostnames like those above

The FAQ covers this.

http://www.campin.net/syslog-ng/faq.html#bad_filenames

It is best to turn off keep_hostname() in most cases anyways. You'll still get kernel messages and other badly formatted messages creating bad "hosts" directories even with all hosts sending a correct name. At least that's the case if you still use the vendor-supplied syslogd on your clients. If you roll out syslog-ng to all UNIXes I'd imagine that problem will go away.

Of course this doesn't cover any network devices you have that send you syslogs :(

--
I never think of the future. It comes soon enough. - Albert Einstein

participants (3): Balazs Scheidler, BENGT OLSSON, Nate Campi
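
An added example, not part of the thread and not syslog-ng code: a Python audit of a per-host log root such as the /var/syslog/hosts tree discussed above, listing directories whose names are not hosts under an expected domain. The bth.se suffix is an assumption taken from the "correct" directory names quoted in the thread, and the function names are hypothetical.

```python
import os
import re
import tempfile

# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Assumption: legitimate senders have names under these domains
# (taken from the "correct" directory names quoted in the thread).
EXPECTED_SUFFIXES = ("bth.se",)


def is_expected_host(name, suffixes=EXPECTED_SUFFIXES):
    """True if name is a syntactically valid FQDN under one of the suffixes."""
    name = name.lower().rstrip(".")
    if len(name) > 253:
        return False
    if not all(LABEL.fullmatch(label) for label in name.split(".")):
        return False
    return any(name.endswith("." + s) for s in suffixes)


def audit_host_dirs(root, suffixes=EXPECTED_SUFFIXES):
    """Return sorted names of subdirectories of root that are not expected hosts."""
    suspicious = []
    with os.scandir(root) as entries:
        for entry in entries:
            if not entry.is_dir(follow_symlinks=False):
                continue
            if not is_expected_host(entry.name, suffixes):
                suspicious.append(entry.name)
    return sorted(suspicious)


def demo():
    """Audit a constructed tree built from directory names quoted in the thread."""
    names = ["trillian.student.bth.se", "viola.bth.se", "zaphod.student.bth.se",
             "0x0.0x5da74da", "0x0.0x64c5ea8"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            os.makedirs(os.path.join(root, n))
        return audit_host_dirs(root)


if __name__ == "__main__":
    for name in demo():
        print("unexpected host directory:", name)
```

Names such as 0x0.0x5da74da are syntactically valid hostnames, so the suffix check is what flags them; syntax validation alone would not.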