[syslog-ng]Re: problem with truncated kernel logs

Ron Braley braley@aero.und.edu
Mon, 29 Jul 2002 09:48:30 -0500


Bazsi

Sorry - I forgot to change the subject line!

No, klogd isn't running in addition to syslog-ng.  Just to be sure, I
checked processes, which did show klogd -2 and then shut down the
syslog-ng service.  I then checked processes and saw klogd was no longer
running.  

Thanks in advance for your expert advice!

rb

Ron Braley
Network Team Leader - CCNP
Systems Team Leader - MCSE, CNE
University of North Dakota (Aerospace College)
braley@aero.und.edu
701-777-2964 (work) / 2940 (fax)

>>> bazsi@balabit.hu 07/29/02 03:03AM >>>
On Fri, Jul 26, 2002 at 03:11:10PM -0500, Ron Braley wrote:
> Hi bazi.
> 
> We're having a problem with syslog-ng 1.5.  It appears to be truncating
> our iptables firewall logs.
> 
> The following shows good logs as viewed through dmesg, and actual log
> entries as processed by syslog-ng:
> 
> *** Good (dmesg):
> IPTABLES TCP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:08:00:20:a7:53:e9:08:00
> SRC=134.129.212.23 DST=134.129.212.30 LEN=48 TOS=0x00 PREC=0x00 TTL=64
> ID=64525 DF 
> PROTO=TCP SPT=36788 DPT=53 WINDOW=24820 RES=0x00 SYN URGP=0
> 
> IPTABLES UDP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:00:05:01:fb:e3:fc:08:00
> SRC=134.129.214.80 DST=134.129.212.30 LEN=239 TOS=0x00 PREC=0x00
> TTL=127 ID=21813 
> PROTO=UDP SPT=138 DPT=138 LEN=219
> 
> *** Bad (syslog [/var/log/kern]):
> Jul 25 16:16:12 smack IPTABLES TCP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:00:a0:c9:a9:b2:6c:08:00 
> SRC=134.129.212.33 DST=134.129.212.30 LEN=60 TOS=0x00
> PREC=0x03NDOW=5840
> 
> Jul 25 16:16:13 smack IPTABLES UDP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:00:05:01:fECP1389
> 
> Jul 25 16:16:13 smack IPTABLES UDP-IN: IN=eth1 OUT=
> MAC=00:03:47:4e:32:44:00:05:01:fb3::0 
> SRC=134.12920.134 DST=134.129.212.0 LEN=78 TOS=0x00
> PREC=0xTTL=1272ROTO=UDP SPT=137 DPT=137N=58

Please start a new thread if you send something unrelated to current
threads.

wrt your problem, are you sure you are not running klogd in addition to
syslog-ng?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu 
https://lists.balabit.hu/mailman/listinfo/syslog-ng 
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
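
An added example, not part of the original messages: a Python check that flags iptables LOG entries damaged like the "Bad" samples quoted above, so that corrupted firewall records can be spotted in /var/log/kern. The function and constant names are hypothetical, the field rules assume IPv4 over Ethernet, and the sample lines are the ones quoted in the thread with the mail client's line wraps rejoined.

```python
import ipaddress
import re

FIELD = re.compile(r"(?<!\S)([A-Z]+)=(\S*)")           # KEY=VALUE tokens
MAC = re.compile(r"(?:[0-9a-f]{2}:){13}[0-9a-f]{2}")   # Ethernet: dst + src + ethertype
NUM = re.compile(r"\d+|0x[0-9a-fA-F]+")
REQUIRED = ("IN", "OUT", "SRC", "DST", "LEN", "TTL", "PROTO")
NUMERIC = ("LEN", "TOS", "PREC", "TTL", "ID", "SPT", "DPT")

def check(line):
    """Return the problems found in one netfilter LOG line (empty list = intact)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)   # UDP repeats LEN; keep the IP-level one
    problems = [f"missing {k}" for k in REQUIRED if k not in fields]
    if fields.get("PROTO") in ("TCP", "UDP"):
        problems += [f"missing {k}" for k in ("SPT", "DPT") if k not in fields]
    for k in ("SRC", "DST"):
        if k in fields:
            try:
                ipaddress.IPv4Address(fields[k])
            except ValueError:
                problems.append(f"bad {k}")
    if "MAC" in fields and not MAC.fullmatch(fields["MAC"]):
        problems.append("bad MAC")
    problems += [f"bad {k}" for k in NUMERIC
                 if k in fields and not NUM.fullmatch(fields[k])]
    return problems

# Lines quoted in the thread, with the mail client's wraps rejoined.
GOOD = ("IPTABLES TCP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:08:00:20:a7:53:e9:08:00 "
        "SRC=134.129.212.23 DST=134.129.212.30 LEN=48 TOS=0x00 PREC=0x00 TTL=64 "
        "ID=64525 DF PROTO=TCP SPT=36788 DPT=53 WINDOW=24820 RES=0x00 SYN URGP=0")
BAD = [
    "Jul 25 16:16:12 smack IPTABLES TCP-IN: IN=eth1 OUT= "
    "MAC=00:03:47:4e:32:44:00:a0:c9:a9:b2:6c:08:00 SRC=134.129.212.33 "
    "DST=134.129.212.30 LEN=60 TOS=0x00 PREC=0x03NDOW=5840",
    "Jul 25 16:16:13 smack IPTABLES UDP-IN: IN=eth1 OUT= "
    "MAC=00:03:47:4e:32:44:00:05:01:fECP1389",
    "Jul 25 16:16:13 smack IPTABLES UDP-IN: IN=eth1 OUT= "
    "MAC=00:03:47:4e:32:44:00:05:01:fb3::0 SRC=134.12920.134 DST=134.129.212.0 "
    "LEN=78 TOS=0x00 PREC=0xTTL=1272ROTO=UDP SPT=137 DPT=137N=58",
]

if __name__ == "__main__":
    for line in [GOOD] + BAD:
        print(check(line) or "ok", "<-", line[:60])
```

Counting flagged lines per hour gives a simple signal for when the corruption starts and stops, for example before and after stopping a second kernel-log reader.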