[syslog-ng] Malformed Messages From syslogd
Nate Campi
syslog-ng@lists.balabit.hu
Thu, 3 Apr 2003 11:04:59 -0800
On Wed, Apr 02, 2003 at 03:45:39PM -0500, Keith Resar wrote:
>
> Occasionally I get radically malformed messages, which syslog-ng
> places in the wrong locations. The file destination writes these
> messages to $HOST/$PRIORITY, etc., but these variables consist of
> this munged data.
>
> Unfortunately, this forces me to manually clean out and remove the
> directory structure the messages created. Any ideas on how to
> prevent this from happening in the first place?
http://www.campin.net/syslog-ng/faq.html#bad_filenames covers this. It
talks about not trusting input from the network when creating files, as
you mention below.
What worked for me was to use syslog-ng everywhere, transfer over TCP
and set
    options {
        use_fqdn(yes);
        long_hostnames(off);
        keep_hostname(no);
        use_dns(yes);
    };
I'd think about using dnscache's internal DNS caching and/or a local DNS
cache with this setup as well.
--
Nate Campi http://www.campin.net
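
Added example, not part of the original post or the linked FAQ: a Python sketch of why a $HOST taken from message content is unsafe as a directory name, and of the alternative the options above select (name the host from the connection peer, then validate it). The header parser is a simplification rather than syslog-ng's own, and all function names, sample messages and peer values are constructed for illustration.

```python
import ipaddress
import re

# Simplified BSD-syslog header: <PRI>Mmm dd hh:mm:ss HOST MSG (not syslog-ng's parser)
_HDR = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def claimed_host(line):
    """HOST as written by the sender, i.e. what keep_hostname(yes) would trust."""
    m = _HDR.match(line)
    if m:
        return m.group(1)
    # Malformed header: a lenient parser still ends up with some token as HOST.
    return re.sub(r"^<\d{1,3}>", "", line).split(" ", 1)[0]

def is_safe_hostname(name):
    """True only for plain DNS names: letters, digits, hyphens, dots."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.rstrip(".").split("."))

def naive_path(base, line):
    """Path built from message content: munged input becomes a directory name."""
    return f"{base}/{claimed_host(line)}/messages"

def safe_path(base, peer_name, peer_ip):
    """Path built from the connection peer, like keep_hostname(no) + use_dns(yes)."""
    if is_safe_hostname(peer_name):
        host = peer_name.rstrip(".").lower()
    else:
        # Reverse DNS is input too; fall back to the normalized peer address.
        host = str(ipaddress.ip_address(peer_ip))
    return f"{base}/{host}/messages"

# Constructed sample messages and peer data (documentation address range).
GOOD = "<13>Apr  3 11:04:59 db01 sshd[411]: session opened"
MUNGED = "<13>\x1b[0m%%@!garbled more-bytes"
PEER_NAME, PEER_IP = "web01.example.com", "192.0.2.10"

if __name__ == "__main__":
    for line in (GOOD, MUNGED):
        print(repr(naive_path("/var/log/hosts", line)))
        print(repr(safe_path("/var/log/hosts", PEER_NAME, PEER_IP)))
```

With the peer-derived name, both the well-formed and the munged message land in the same per-host directory, and the hostname a sender writes into the header never reaches the filesystem.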