[syslog-ng]Unwanted logging
Balazs Scheidler
bazsi@balabit.hu
Tue, 17 Sep 2002 15:45:57 +0200
On Tue, Sep 17, 2002 at 02:31:46PM +0200, BENGT OLSSON wrote:
> Hi
>
> I get some unwanted logging from strange hosts....
>
> The syslog-ng.conf-file looks like;
>
> options { use_fqdn(yes); keep_hostname(yes); use_dns(yes);
> long_hostnames(off); sync(0); log_fifo_size(1000); };
> source all { sun-streams ("/dev/log" door("/etc/.syslog_door"));
> internal(); udp(); };
> destination hosts {
> file("/var/syslog/hosts/$HOST/$FACILITY_$YEAR-$MONTH-$DAY" owner(root)
> group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
> log { source(all) ; destination(hosts) ; };
>
> An example of unwanted "hosts"-directory in the /var/syslog/hosts-directory;
> 0x0.0x5da74da
> 0x0.0x5dc3cea
> 0x0.0x5dc3d5a
> 0x0.0x5dc4077
> 0x0.0x5dca334
> 0x0.0x5dcea7a
> 0x0.0x637fb77
> 0x0.0x642bad8
> 0x0.0x64c5ea8
One of your devices sends messages with a bogus hostname part, and
keep_hostname() keeps those.
1) turn off keep_hostname()
2) stop those hosts sending hostnames like those above
>
> An example of correct hosts -directory in the
> /var/syslog/hosts-directory looks like this;
> trillian.student.bth.se
> trumma.bth.se
> viking.student.bth.se
> viola.bth.se
> violin.bth.se
> vogonjeltz.student.bth.se
> voyager.student.bth.se
> vroomfondel.student.bth.se
> zaphod.student.bth.se
>
> Is there some internal logging or what is it coming from?
>
> A minor problem is that I have "long_hostnames" set to off and still it is
> logging with long hostnames... any guess?
long_hostnames() is an alias for chain_hostnames().
Try use_fqdn() instead.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
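
The effect described in the reply above, as an added example that is not part of the original message and not syslog-ng code: a simplified Python model of how the name behind $HOST is chosen with keep_hostname() on and off, plus a check that flags senders whose claimed hostname disagrees with their source address. The sender addresses, the `*.example` names, the log texts and the `REVERSE_DNS` table are constructed assumptions; the two bogus hostnames are taken from the listing in the thread.

```python
import re

# Simplified RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME rest-of-message
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) ")

# Constructed sample input: (sender address, UDP payload).
DATAGRAMS = [
    ("192.0.2.10", "<38>Sep 17 14:31:46 viola.example sshd[412]: session opened"),
    ("192.0.2.20", "<14>Sep 17 14:31:47 0x0.0x5da74da lpd: job queued"),
    ("192.0.2.20", "<14>Sep 17 14:31:48 0x0.0x5dc3cea lpd: job done"),
]
# Constructed stand-in for reverse DNS so the example runs offline.
REVERSE_DNS = {"192.0.2.10": "viola.example", "192.0.2.20": "printer.example"}


def claimed_host(payload):
    """Hostname the sender wrote into the message header, or None."""
    m = HEADER.match(payload)
    return m.group("host") if m else None


def effective_host(sender_ip, payload, keep_hostname):
    """Simplified model of the name that ends up in $HOST."""
    from_sender = REVERSE_DNS.get(sender_ip, sender_ip)
    if keep_hostname:
        # The message's own hostname field is trusted as-is.
        return claimed_host(payload) or from_sender
    # The name is derived from the packet's source address instead.
    return from_sender


def host_dirs(datagrams, keep_hostname):
    """Directories the file() destination from the thread would create."""
    return sorted({"/var/syslog/hosts/" + effective_host(ip, p, keep_hostname)
                   for ip, p in datagrams})


def mismatches(datagrams):
    """(sender address, resolved name, claimed name) where the two disagree."""
    out = []
    for ip, payload in datagrams:
        claimed, real = claimed_host(payload), REVERSE_DNS.get(ip, ip)
        if claimed and claimed != real:
            out.append((ip, real, claimed))
    return out


if __name__ == "__main__":
    print(host_dirs(DATAGRAMS, keep_hostname=True))
    print(host_dirs(DATAGRAMS, keep_hostname=False))
    print(mismatches(DATAGRAMS))
```

The mismatch list identifies which sender address to look at when following option 2 from the reply; a device that sends a short name instead of its FQDN would also show up there.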