[syslog-ng]Odd problem
Hamilton, Andrew Mr.
HamiltonA@hq.5sigcmd.army.mil
Wed, 15 Nov 2000 15:06:21 +0100
I am getting something very strange in my syslogs. This doesn't happen for
every host but it appears that most of the hostnames are getting the front
truncated. Here is a sample of the logfile and my config file. I am
running syslog-ng 1.4.7.

Nov 15 13:57:03 gw1.hanau.army.mil 172593: Nov 15 13:57:18: %SEC-6-IPACCESSLOGP: list 196 permitted tcp 140.156.30.6(48879) -> 192.73.27.115(33658), 725 packets
Nov 15 13:57:03 gw7.mannheim.army.mil 93065: Nov 15 13:57:18: %LANCE-5-LATECOLL: Unit 0, late collision error
Nov 15 13:57:03 bggw.heidelberg.army.mil 3078332: Nov 15 13:57:18: %SEC-6-IPACCESSLOGP: list 191 denied tcp 64.4.16.24(80) -> 147.37.199.194(1509), 1 packet
Nov 15 13:57:03 bggw.ansbach.army.mil 437279: Nov 15 13:57:18: %SEC-6-IPACCESSLOGP: list 193 denied udp 136.218.199.6(1704) -> 169.254.102.246(1112), 1 packet
Nov 15 13:57:03 BGGW-ETHER0-1.STUTTGART.ARMY.MIL 1236689: 6w6d: %SEC-6-IPACCESSLOGP: list 192 permitted tcp 199.211.200.34(1488) -> 136.221.21.11(80), 6 packets

The hostname should have hnu-gw1.hanau.army.mil in the first one and
likewise for the rest. There is some 3-letter representation of the region
on the front of the hostname. Here is my config, partly anyway.

options { long_hostnames(yes); use_fqdn(yes); chain_hostnames(no); sync(0); keep_hostname(yes); create_dirs(yes); };
source src { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); udp(); };
destination d_cisco { file("/logs/cisco/ciscologs"); };
destination d_reno { udp("host.mydomain.mil"); };
filter f_cisco { facility(local7); };
log { source(src); filter(f_cisco); destination(d_cisco); destination(d_host); };

Seems to actually function fine but is truncating the front part.
Any ideas?
Regards,
Drew