[syslog-ng][PATCH] please test: syslog-ng message mangling fi x

Dustin Trammell DTrammell@PENSON.COM
Wed, 21 Aug 2002 10:55:23 -0500


Well, that did the trick, and it compiled, however I'm still getting chopped
log entries:

Aug 21 10:36:54 loghost01 kernel: fwlog input drop cleanup IN=eth0 OUT=
MAC=00:06:5b:84:60:7e:00:01:03:31:c1:be:08:00 SRC=172.30.10.42
DST=172.30.8.40 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30431 DF PROTO=TCP
SPT=33711 DPT=817 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 21 10:37:00 loghost01 kernel: fwlog input drop cleanup IN=eth0 OUT=
MAC=00:06:5b:84:60:7e:00:01:03:31:c1:be:08:00 SRC=172.30.10.42
DST=172.30.8.40 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30432 DF PROTO=TCP
SPT=33711 DPT=817 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 21 10:37:12 loghost01 kernel: fwlog input drop cleanup IN=eth0 OUT=
MAC=00:
Aug 21 10:37:12 loghost01 kernel: 06:5b:84:60:7e:00:01:03:31:c1:be:08:00
SRC=172.30.10.42 DST=172.30.8.40 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=30433
DF PROTO=TCP SPT=33711 DPT=817 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 21 10:38:33 loghost01 kernel: fwlog input drop cleanup IN=eth0 OUT=
MAC=00:06:5b:84:60:7e:00:01:03:31:c1:be:08:00 SRC=172.30.10.42
DST=172.30.8.40 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52186 DF PROTO=TCP
SPT=33712 DPT=31337 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 21 10:38:57 loghost01 kernel: fwlog input drop cleanup IN=eth0 OUT=
MAC=00:06:5b:84:60:7e:00:01:03:31:c1:be:08:00 SRC=172.30.10.42
DST=172.30.8.40 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52187 DF
Aug 21 10:38:57 loghost01 kernel: PROTO=TCP SPT=33712 DPT=31337 WINDOW=5840
RES=0x00 SYN URGP=0

(sigh) ... At least they're no longer getting mangled (as far as I can tell,
I haven't seen any mangled lines since I patched), but some entries are
still getting split between two or more lines.  Any ideas Balazs?

---
Dustin D. Trammell
Information Security Specialist
Penson Financial Services, Inc.



-----Original Message-----
From: Stephen Frost [mailto:sfrost@snowman.net]
Sent: Wednesday, August 21, 2002 09:59
To: syslog-ng@lists.balabit.hu
Cc: Dustin Trammell
Subject: Re: [syslog-ng][PATCH] please test: syslog-ng message mangling
fi x


* Dustin Trammell (DTrammell@PENSON.COM) wrote:
> Having a bit of a problem with this patch...  Using a freshly un-tarred
copy
> of 1.5.19:

The quick and dirty answer is: touch sources.c.x or just touch *.x

	Stephen