[syslog-ng] Filter for corrupt syslog-messages?

Balazs Scheidler syslog-ng@lists.balabit.hu
Thu, 24 Apr 2003 16:24:09 +0200


On Thu, Apr 24, 2003 at 04:18:45PM +0200, Meinecke, Sebastian wrote:
> Hello everyone,
> 
> I've set up a Linux box with syslog-ng 1.5.24 running. It is configured,
> that it puts all syslog-messages from other Unix hosts in the network via
> the "template" function as a SQL-Statement into a pipe. This pipe is read
> by a mysql-Client that writes everything into the MySQL-database.
> 
> 
> Everything works fine, until I try to stress the system using a tool, that
> sends corrupt syslog-messages to the Syslog-ng-Server. The result is, that
> these "corrupt" messages are not written into the database (that's OK; I
> don't want them there...). But the problem is that syslog-messages arriving
> a little time before or after the corrupt ones will also not be put into
> the database, because the fragments of the corrupt SQL-statements that are
> built out of the corrupt messages also damage the "good ones".
> 
> 
> So my question: Is there any possibility to filter messages that are corrupt
> or don't match RFC 3164 via the "filter"-function of syslog-ng?
> Or does anybody of you know a different solution?

there were some line reassembling problems in earlier 1.5.x versions. you might
try to upgrade first and check whether that version also has some problems.
(the latest snapshots of 1.6.0rc2 should be ok)

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
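
One way to keep a malformed message from damaging the statements around it, as an added example that is not part of the original thread or of syslog-ng: a reader that validates each line against a strict reading of the RFC 3164 layout and inserts it with bound parameters instead of building SQL text. It assumes the pipe carries the raw message rather than a templated statement and uses `sqlite3` as a stand-in for MySQL; the function names and sample lines are constructed for illustration.

```python
import re
import sqlite3

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOST MSG, at most 1024 bytes per packet.
RFC3164 = re.compile(
    r"<(\d{1,3})>"
    r"((?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d \d\d:\d\d:\d\d) "
    r"([A-Za-z0-9._-]{1,255}) "
    r"([\x20-\x7e]+)"          # printable ASCII only in the message part
)

def parse_rfc3164(line):
    """Return (facility, severity, timestamp, host, msg), or None if malformed."""
    if len(line) > 1024:
        return None
    m = RFC3164.fullmatch(line)
    if m is None or int(m.group(1)) > 191:   # PRI = facility*8 + severity <= 23*8+7
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2), m.group(3), m.group(4)

def store(lines, db):
    """Insert well-formed lines with bound parameters; return the rejected lines."""
    db.execute("CREATE TABLE IF NOT EXISTS logs "
               "(facility INT, severity INT, ts TEXT, host TEXT, msg TEXT)")
    rejected = []
    for line in lines:
        rec = parse_rfc3164(line.rstrip("\n"))
        if rec is None:
            rejected.append(line)   # keep for inspection instead of dropping silently
            continue
        # Bound parameters: message bytes never become part of the SQL text,
        # so one bad record cannot spill into the statements around it.
        db.execute("INSERT INTO logs VALUES (?, ?, ?, ?, ?)", rec)
    db.commit()
    return rejected

# Constructed sample input (not from the original post).
SAMPLE = [
    "<34>Apr 24 16:18:45 host1 su: 'su root' failed for user on /dev/pts/8",
    "<999>garbage without a header",
    "<13>Apr 24 16:18:46 host2 app: can't open file; retrying",
    "<13>Apr 24 16:18:47 host3 app: truncated\x00\x01binary",
]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print("rejected:", store(SAMPLE, db))
    print(db.execute("SELECT host, msg FROM logs").fetchall())
```

The message with the unbalanced quote is stored verbatim, while the two lines that do not fit the layout are returned to the caller rather than reaching the database.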