Hi,

I am running syslog-ng 1.6r3 on Red Hat Linux 7.3. The central log server is receiving logs from Solaris 2.8, AIX 4/5 and Windows 2k (using nt-syslog). Syslog-ng creates directories based on the $HOST variable, i.e., /var/syslog-ng/$HOST/.../logfiles.

For some reason, the directories created are not always the $HOST, i.e., not an IP or a valid hostname (I am using the check_hostname option) but some leftover of some syslog or nt-syslog messages. Here is an example of the content of the /var/syslog-ng/ directory:

    10.10.10.1
    10.10.10.2
    10.10.10.3
    adam (valid hostname)
    alex (valid hostname)
    ntds (not valid)
    service (not valid)
    windows (not valid)

I am trying to figure out why these directories (the non-valid ones) are created and how to prevent them. Right now, this seems to happen for nt-syslog and also for Solaris 2.8.

Any suggestions or help would be greatly appreciated.

Thanks,
Sylvain Hubert

On Sat, 2003-12-06 at 03:23, Sylvain Hubert wrote:
> For some reason, the directories created are not always the $HOST, i.e., not an IP or a valid hostname (I am using the check_hostname option) but some leftover of some syslog or nt-syslog messages. Here is an example of the content of the /var/syslog-ng/ directory:

It's nt-syslog at fault there. Sometimes it bungs out syslog records with the application name in where the hostname should be.

I found the latest release from ntsyslog.sf.net didn't suffer as much from this problem (I only just upgraded myself last week - so cannot be more definitive than that).

Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
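
The failure described in this thread, as an added example that is not part of either message and is not syslog-ng code: a program name such as `ntds` sitting in the HOST position is a syntactically valid hostname, so only a comparison against the expected senders can keep it from becoming a directory name. The allowlist, the sample messages and the function names are constructed for illustration.

```python
import re

# BSD syslog header as sent on the wire: <PRI>Mmm dd hh:mm:ss HOST TAG: text
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+)")

# Assumption: names the log server is expected to hear from (constructed).
KNOWN_HOSTS = {"adam", "alex"}


def log_directory(raw, source_ip, known_hosts=KNOWN_HOSTS):
    """Pick the per-host directory name for one received message.

    The HOST token is used only when it is an expected name or matches
    the sender's address; otherwise the message is filed under source_ip.
    """
    m = HEADER.match(raw)
    if not m:
        return source_ip  # no parsable header at all
    token = m.group(1).lower()
    if token in known_hosts or token == source_ip:
        return token
    # Syntactically fine, but not a host we know: likely a program name
    # sitting in the HOST position, as with "ntds" or "service".
    return source_ip


# Constructed sample datagrams: (sender address, raw message).
SAMPLES = [
    ("10.10.10.1", "<13>Dec  6 03:20:01 adam sshd[411]: session opened"),
    ("10.10.10.2", "<14>Dec  6 03:20:05 ntds general: replication finished"),
    ("10.10.10.2", "<14>Dec  6 03:20:09 service control manager: started"),
    ("10.10.10.3", "<11>Dec  6 03:21:40 10.10.10.3 su: auth failure"),
    ("10.10.10.3", "not a syslog header"),
]


def directories(samples=SAMPLES):
    """Return the sorted set of directory names the samples would create."""
    return sorted({log_directory(raw, ip) for ip, raw in samples})


if __name__ == "__main__":
    for ip, raw in SAMPLES:
        print(f"{log_directory(raw, ip):<12} <- {raw}")
```

Filing under the sender's address whenever the HOST token is unexpected keeps the messages while bounding the set of directories to known names and real source addresses.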