[syslog-ng]Sylog-ng OpenBSD Problems

Johannes Geier syslog-ng@lists.balabit.hu
Thu, 29 Apr 2004 09:00:11 +0200


Thx again me,

but i dont care about internal messages, i just want to get
the remote ones from my routers but with the source ip,
even when i add chain_hostnames(yes) i cant get the routers
IP, nothing at all, i always get my localhosts name :-(

any more ideas?

Salü

Johannes

On Thu, 29 Apr 2004 07:28:00 +0200 (MEST)
 "me" <e.diot@gmx.net> wrote:
> Hi again,
> 
> > Warning: No source refers to internal messages, they'll
> go
> > to /dev/null
> 
> To get rid of this, enable the option "internal()" within
> your source
> definition..
>
(http://www.balabit.com/products/syslog_ng/reference/reference.html).
> 
> <from the reference doc>
> All internally generated messages "come" from this
> special source. If you
> want warnings, errors and notices from syslog-ng itself,
> you have to include
> this source in one of your source statements.
> 
> 	  Declaration: internal()
> 	
> Syslog-ng will issue a warning upon startup, if this
> driver is not
> referenced. 
> </from the reference doc>
> 
> Be sure to chain_hostnames() also... 
> <from the reference doc>
> The name of the source host where the message is
> originated from. If the
> message traverses several hosts, and chain_hostnames() is
> on, the first one
> is used.
> </from the reference doc>
> 
> If you run syslog-ng v1.5.3 or higher, you can define
> templates for the
> messages to be generated by syslog: template()
> 
> <from the reference doc>
> Specifies a template which specifies the logformat to be
> used in this file.
> The possible macros are the same as in destination
> filenames.
> </from the reference doc>
> 
> Here an example: 
> 
> destination all {
>   file("/var/adm/all.log"
>     template("$DATE $HOST [$FACILITY.$LEVEL] $MSG\n")
>   );
> };
> 
> Hope this helps this time.. :-)
> /me
> 
> 
> > Hello me
> > 
> > thanks for your fast reply.
> > But to be honest i had no luck :-(
> > 
> > # cat /etc/test
> > options { 
> > use_fqdn(no); 
> > use_dns(no); 
> > dns_cache(no); 
> > keep_hostname(yes);
> > long_hostnames(off); 
> > sync(1); 
> > };
> > source s_udp { udp(); }; 
> > destination smc { file("/var/log/info"); };
> > log { source(s_udp); destination(smc); };
> > # syslog-ng -f /etc/test
> > Warning: No source refers to internal messages, they'll
> go
> > to /dev/null
> > # tail -f /var/log/info
> > Apr 28 19:31:01 syslog 62784: Apr 28 19:50:02:
> > %SEC-6-IPACCESSLOGP: list 150 denied udp
> > 192.168.163.1(3381) -> 255.255.255.255(712), 1 packet
> > Apr 28 19:31:01 syslog 1562183: Apr 28 19:50:03:
> > %ISDN-6-CONNECT: Interface Serial1/1:27 is now
> connected to
> > 0800321321 test32ABC
> > Apr 28 19:31:02 syslog 1562184: Apr 28 19:50:03:
> > %LINK-3-UPDOWN: Interface Async163, changed state to up
> > Apr 28 19:31:07 syslog 1562188: Apr 28 19:50:08:
> > %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > Serial2/1:14, changed state to up
> > Apr 28 19:31:08 syslog 163080: Apr 28 17:50:09:
> > %SEC-6-IPACCESSLOGP: list 150 denied udp
> 10.150.9.3(4031)
> > -> 255.255.255.255(161), 1 packet
> > 
> > as you can see i done everything you told me, i always
> get
> > the same problem, this is a standart installation of
> > OpenBSD no special changes where made, nothing.
> > 
> > Any more Ideas?
> > 
> > Greets
> > 
> > Johannes
> > 
> > 
> > On Wed, 28 Apr 2004 18:54:16 +0200 (MEST)
> >  "me" <e.diot@gmx.net> wrote:
> > > Hi,
> > > 
> > > check these options out...
> > >
> >
>
http://www.balabit.com/products/syslog_ng/reference/x601.html:
> > > 
> > > options { 
> > > 	use_fqdn(no); 
> > > 	use_dns(no); 
> > >  	dns_cache(no); 
> > > 	keep_hostname(yes);
> > > 	long_hostnames(off); 
> > > 	sync(1); 
> > > };
> > > 
> > > You have to disable these options as shown above.
> > > Hope this helps...
> > > 
> > > /me
> > > 
> > > > Hello,
> > > > 
> > > > I run syslog-ng-1.5.24 on OpenBSD 3.4 sparc64,
> > > > i have some problems, its not working in the way i
> want
> > > it,
> > > > my config looks in this way:
> > > > 
> > > > options { 
> > > > long_hostnames(off);
> > > > chain_hostnames(off);
> > > > use_fqdn (yes);
> > > > sync(0); 
> > > > };
> > > > source s_udp { udp(); }; 
> > > > destination test { file("/var/log/info"); };
> > > > log { source(s_udp); destination(test); };
> > > > 
> > > > no biggie at all
> > > > 
> > > > tail -f /var/log/info shows:
> > > > Apr 28 16:23:18 syslog/syslog 1552866: Apr 28
> 16:42:18:
> > > > %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > > > Serial1/1:14, changed state to down
> > > > Apr 28 16:23:23 syslog/syslog 1552872: Apr 28
> 16:42:24:
> > > > %LINK-3-UPDOWN: Interface Serial1/0:2, changed
> state to
> > > > down
> > > > 
> > > > There is no Router source IP, just syslog/syslog
> syslog
> > > is
> > > > the name of the logging box
> > > > 
> > > > # uname -a
> > > > OpenBSD syslog.srv.test.com 3.4 GENERIC#85 sparc64
> > > > 
> > > > when i run that box with the normal syslogd the
> source
> > > ip,
> > > > gets shown, and even when i erase all options in
> > > > syslog-ng.conf :
> > > > source s_udp { udp(); }; 
> > > > destination test { file("/var/log/info"); };
> > > > log { source(s_udp); destination(test); };
> > > > 
> > > > the source ip never comes in, i just want the
> sourceip
> > > no
> > > > dns name nothing any ideas?
> > > > 
> > > > Greets
> > > > 
> > > > Johannes
> > > > --
> > > > Die e-Mail-Boxes von Brennercom sind
> Virus-gesichert
> > > und Spam-gefiltert.
> > > > Le caselle e-Mail di Brennercom sono protette da
> > > sistemi antivirus e
> > > > antispam.
> > > > 
> > > > http://www.brennercom.it
> > > > _______________________________________________
> > > > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > > > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > > Frequently asked questions at
> > > http://www.campin.net/syslog-ng/faq.html
> > > > 
> > > 
> > > -- 
> > > NEU : GMX Internet.FreeDSL
> > > Ab sofort DSL-Tarif ohne Grundgebühr:
> > > http://www.gmx.net/dsl
> > > 
> > > _______________________________________________
> > > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > Frequently asked questions at
> > > http://www.campin.net/syslog-ng/faq.html
> > > 
> > 
> > --
> > Die e-Mail-Boxes von Brennercom sind Virus-gesichert
> und Spam-gefiltert.
> > Le caselle e-Mail di Brennercom sono protette da
> sistemi antivirus e
> > antispam.
> > 
> > http://www.brennercom.it
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently asked questions at
> http://www.campin.net/syslog-ng/faq.html
> > 
> 
> -- 
> NEU : GMX Internet.FreeDSL
> Ab sofort DSL-Tarif ohne Grundgebühr:
> http://www.gmx.net/dsl
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at
> http://www.campin.net/syslog-ng/faq.html
> 

--
Die e-Mail-Boxes von Brennercom sind Virus-gesichert und Spam-gefiltert.
Le caselle e-Mail di Brennercom sono protette da sistemi antivirus e antispam.

http://www.brennercom.it