[syslog-ng]Unwanted logging
Nate Campi
nate@campin.net
Tue, 17 Sep 2002 07:13:51 -0700
On Tue, Sep 17, 2002 at 03:45:57PM +0200, Balazs Scheidler wrote:
> On Tue, Sep 17, 2002 at 02:31:46PM +0200, BENGT OLSSON wrote:
> >
> > I get some unwanted loggin from strange hosts....
> >
> > An example of unwanted "hosts"-directory in the /var/syslog/hosts-directory;
> > 0x0.0x5da74da
> > 0x0.0x5dc3cea
> > 0x0.0x5dc3d5a
> > 0x0.0x5dc4077
> > 0x0.0x5dca334
> > 0x0.0x5dcea7a
> > 0x0.0x637fb77
> > 0x0.0x642bad8
> > 0x0.0x64c5ea8
>
> one of your devices send messages with bogus hostname part, and
> keep_hostname() keeps those.
>
> 1) turn off keep_hostname()
> 2) stop those hosts sending hostnames like those above
The FAQ covers this.
http://www.campin.net/syslog-ng/faq.html#bad_filenames
It is best to turn off keep_hostname() in most cases anyways. You'll
still get kernel messages and other badly formatted messages creating
bad "hosts" directories even with all hosts sending a correct name.
At least that's the case if you still use the vendor-supplied syslogd on
your clients. If you roll out syslog-ng to all UNIXes I'd imagine that
problem will go away. Of course this doesn't cover any network devices
you have that send you syslogs :(
--
I never think of the future. It comes soon enough. - Albert Einstein