[syslog-ng]Double timestamps cause DB issue

Robin Brown syslog-ng@lists.balabit.hu
Fri, 25 Apr 2003 14:44:45 -0400


UDP is:

SYSLOG:  ----- SYSLOG:   -----
SYSLOG:
SYSLOG:  "<172>Apr 25 2003 14:06:02: %PIX-4-106023: Deny tcp src insid"
SYSLOG:


Thanks,
Robin



-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: Friday, April 25, 2003 2:17 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Double timestamps cause DB issue

On Fri, Apr 25, 2003 at 12:17:32PM -0400, Robin Brown wrote:
> Hello,
> 
> Running syslog-ng version 1.5.26 on Solaris 8.  All is working well,
> except now I want to log to a MySQL database.  I can also get that to
> work, the problem is the double time stamp in the syslog entry.  When it
> gets put in the database the second timestamp ends up in the program
> field instead of the actual program.
> 
> Looking thru the archives, I can find reference to the template macros,
> but there only appears to be one MSG macro available.  Below is a sample
> log line:
> 
> Apr 25 11:40:36 mydevice.mydomain.com Apr 25 2003 11:13:09:
> %PIX-4-106023: Deny tcp src inside:111.222.333.444/1343 dst
> outside:555.999.777.888/80 by access-group "outbound"
> 
> And my database definition from syslog-ng.conf:
> 
> destination d_mysql {
>         pipe("/tmp/mysql.pipe"
>         template("INSERT INTO logs (host, facility, priority, level, tag, date,time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG','$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
> };
> 
> 
> And a sample from the database:
> 
> host,facility,priority,level,tag,date,time,program,msg,seq
> mydevice.mydomain.com,local5,warning,warning,ac,2003-04-25,10:26:14,Apr,
> Apr 25 2003 09:58:46: %PIX-4-106023: Deny tcp src
> inside:192.168.176.204/3954 dst outside:216.23.181.206/80 by
> access-group "outbound",1
> 
> 
> "Apr" is put in the program field and the message plus the second
> timestamp is added to the msg field.

You can play with the check_hostname and bad_hostname options. What does
syslog-ng receive in the UDP packet?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
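
Added example, not part of the thread and not syslog-ng code: a Python filter that takes the UDP payload captured above, shows why a receiver expecting the BSD "Mmm dd hh:mm:ss" header ends up with "Apr" as the program, and splits the PIX-style timestamp (with year and trailing colon) and the %PIX tag into their own fields. The function names, the record layout and the simplified receiver model in naive_program() are assumptions.

```python
import re
from datetime import datetime

# Payload as captured in the thread (it is truncated there as well).
RAW = '<172>Apr 25 2003 14:06:02: %PIX-4-106023: Deny tcp src insid'

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
BSD_TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")  # Mmm dd hh:mm:ss
PIX_TS = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{4}) (\d{2}:\d{2}:\d{2}): ")
TAG_RE = re.compile(r"^(%[A-Z]+-\d-\d+): ?(.*)$", re.S)


def facility_name(code):
    """Name the local0..local7 range; other facilities stay numeric."""
    return f"local{code - 16}" if 16 <= code <= 23 else str(code)


def naive_program(payload):
    """Assumed, simplified receiver model (not syslog-ng's parser): skip a BSD
    timestamp and hostname if present, then take the first word as the program."""
    body = PRI_RE.sub("", payload)
    m = BSD_TS.match(body)
    if m:
        body = body[m.end():].split(" ", 1)[-1]
    return re.split(r"[ :\[]", body, maxsplit=1)[0]


def normalize(payload):
    """Split PRI, the device's own timestamp and the %PIX tag into fields."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI>")
    pri, body = int(m.group(1)), payload[m.end():]
    rec = {"facility": facility_name(pri >> 3), "level": SEVERITIES[pri & 7],
           "device_time": None, "program": "", "msg": body}
    ts = PIX_TS.match(body)
    if ts:
        stamp = datetime.strptime(" ".join(ts.groups()), "%b %d %Y %H:%M:%S")
        rec["device_time"] = stamp.isoformat()
        body = body[ts.end():]
    tag = TAG_RE.match(body)
    if tag:
        rec["program"], rec["msg"] = tag.groups()
    else:
        rec["msg"] = body
    return rec


if __name__ == "__main__":
    print(naive_program(RAW))
    print(normalize(RAW))
```

The returned fields are meant to be passed to the database as bound parameters, since the message text arrives over UDP from the network.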