AW: [syslog-ng] Filter for corrupt syslog-messages?

Meinecke, Sebastian syslog-ng@lists.balabit.hu
Thu, 24 Apr 2003 17:40:29 +0200


At first: thanks for your quick help!

I downloaded the new Version 1.6.0rc2 of syslog-ng and installed it as
usual. The problem now is, that macros don't work. Variables like $HOST
$FACILITY etc. are null, although there hadn't been any errors during
compiling and installing.
I'm using the config-file that properly worked under the 1.5.24-version.

Destinations like

destination d_mysql_pipe {
    pipe("/logs/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM','$MSG' );\n")
        template-escape(yes));
};

produce SQL-statements like

INSERT INTO logs (host, facility, priority, date, time, program, msg) VALUES ( '', '', '',  '--', '::', '','' );

I didn't find any notices about changes in the config-file-syntax that could
produce such stuff... or maybe I only fooled myself ;-)

again: thanks in advance,

Sebastian



On Thu, Apr 24, 2003 at 04:18:45PM +0200, Meinecke, Sebastian wrote:
> Hello everyone,
>
> I've set up a Linux box with syslog-ng 1.5.24 running. It is configured,
> that it puts all syslog-messages from other Unix hosts in the network via
> the "template" function as a SQL-Statement into a pipe. This pipe is read
> by a mysql-Client that writes everything into the MySQL-database.
>
> Everything works fine, until I try to stress the system using a tool, that
> sends corrupt syslog-messages to the Syslog-ng-Server. The result is, that
> these "corrupt" messages are not written into the database (that's OK; I
> don't want them there...).
> But the problem is that syslog-messages arriving a little time before or
> after the corrupt ones will also not be put into the database, because the
> fragments of the corrupt SQL-statements that are built out of the corrupt
> messages also damage the "good ones".
>
> So my question: Is there any possibility to filter messages that are
> corrupt or don't match RFC 3164 via the "filter"-function of syslog-ng?
> Or does anybody of you know a different solution?

there were some line reassembling problems in earlier 1.5.x versions. you
might try to upgrade first and check whether that version also has some
problems. (the latest snapshots of 1.6.0rc2 should be ok)

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
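An added example, not part of the original thread and not syslog-ng code: a small filter that could sit between the log source and the mysql client described above, dropping lines that do not have the RFC 3164 shape and escaping every field before it is placed in the INSERT. It assumes raw syslog lines as input; the numeric facility/priority values, the `year` parameter and all function names are hypothetical.

```python
import re

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: CONTENT
# CONTENT is limited to printable ASCII, so an embedded newline is rejected.
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<mon>" + "|".join(MONTHS) + r") (?P<day> [1-9]|[12]\d|3[01]) "
    r"(?P<time>(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d) "
    r"(?P<host>[A-Za-z0-9._-]+) "
    r"(?P<program>[A-Za-z0-9_./-]{1,32})(?:\[\d+\])?: ?"
    r"(?P<msg>[\x20-\x7e]*)"
)
COLUMNS = ("host", "facility", "priority", "date", "time", "program", "msg")

def parse_rfc3164(line, year):
    """Return the fields of a well-formed message, or None to drop it."""
    if len(line) > 1024:                  # RFC 3164 caps a packet at 1024 bytes
        return None
    m = RFC3164.fullmatch(line)
    if m is None or int(m["pri"]) > 191:  # highest valid PRI is 23*8+7
        return None
    pri = int(m["pri"])
    return {
        "host": m["host"], "facility": str(pri // 8), "priority": str(pri % 8),
        "date": "%04d-%02d-%02d" % (year, MONTHS.index(m["mon"]) + 1, int(m["day"])),
        "time": m["time"], "program": m["program"], "msg": m["msg"],
    }

def sql_quote(value):
    """Quote as a MySQL string literal; assumes backslash escapes are enabled."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def to_insert(line, year=2003):
    """Build one complete INSERT statement, or None if the message is malformed."""
    fields = parse_rfc3164(line, year)
    if fields is None:
        return None
    values = ", ".join(sql_quote(fields[c]) for c in COLUMNS)
    return "INSERT INTO logs (%s) VALUES (%s);" % (", ".join(COLUMNS), values)

# Constructed sample input: a valid message, one with a quote, one corrupt.
SAMPLES = [
    "<34>Apr 24 16:18:45 host1 su: 'su root' failed for user on /dev/pts/8",
    "<13>Apr 24 16:18:46 host2 app[77]: it's done",
    "<999>garbage without header",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(to_insert(sample))
```

Because a rejected line yields no output at all, a corrupt message can no longer leave a statement fragment in the pipe that swallows the statements around it.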