[syslog-ng]Re: problem with truncated kernel logs

Balazs Scheidler bazsi@balabit.hu
Mon, 29 Jul 2002 10:03:36 +0200


On Fri, Jul 26, 2002 at 03:11:10PM -0500, Ron Braley wrote:
> Hi bazi.
> 
> We're having a problem with syslog-ng 1.5.  It appears to be truncating
> our iptables firewall logs.
> 
> The following shows good logs as viewed through dmesg, and actual log
> entries as processed by syslog-ng:
> 
> *** Good (dmesg):
> IPTABLES TCP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:08:00:20:a7:53:e9:08:00
> SRC=134.129.212.23 DST=134.129.212.30 LEN=48 TOS=0x00 PREC=0x00 TTL=64
> ID=64525 DF 
> PROTO=TCP SPT=36788 DPT=53 WINDOW=24820 RES=0x00 SYN URGP=0
> 
> IPTABLES UDP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:00:05:01:fb:e3:fc:08:00
> SRC=134.129.214.80 DST=134.129.212.30 LEN=239 TOS=0x00 PREC=0x00
> TTL=127 ID=21813 
> PROTO=UDP SPT=138 DPT=138 LEN=219
> 
> *** Bad (syslog [/var/log/kern]):
> Jul 25 16:16:12 smack IPTABLES TCP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:00:a0:c9:a9:b2:6c:08:00 
> SRC=134.129.212.33 DST=134.129.212.30 LEN=60 TOS=0x00
> PREC=0x03NDOW=5840
> 
> Jul 25 16:16:13 smack IPTABLES UDP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:00:05:01:fECP1389
> 
> Jul 25 16:16:13 smack IPTABLES UDP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:00:05:01:fb3::0 
> SRC=134.12920.134 DST=134.129.212.0 LEN=78 TOS=0x00
> PREC=0xTTL=1272ROTO=UDP SPT=137 DPT=137N=58

Please start a new thread if you send something unrelated to current
threads.

wrt your problem, are you sure you are not running klogd in addition to
syslog-ng?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1