[syslog-ng] funny character is being inserted into each log line + perm(-1) not working

Clemson, Chris syslog-ng@lists.balabit.hu
Wed, 7 Jan 2004 10:41:58 -0000


I am having a problem with logging from a Cisco PIX firewall to a syslog-ng
file.
For months it has been working fine, but something happened on 18th
December:

Dec 18 16:08:25 BPFpix-int Dec 18 2003 08:53:15: %PIX-3-313001: Denied ICMP
type=8, code=0 from 217.81.176.93 on interface 0
Dec 18 09:46:50^@ BPFpix-int %PIX-3-313001: Denied ICMP type=8, code=0 from
217.79.97.90 on interface 0

All the lines logged since "Dec 18 09:46:50" have had that ^@ code after
it, and no date.
I don't know why the times on the previous line are different, but the
syslog server now has our "official" time, so I'm not that bothered.

Around this time I was trying to sort out the permissions problems with
/dev/ files I was having when syslog-ng restarted, so I guess this could be
connected.

This ^@ character is only in the PIX firewall log (which is saved to a
different file than most of the other syslog messages).

The pertinent config lines are as follows:

destination null { file("/dev/null" perm(0666)); };
source BPFpix { udp(ip ("192.168.1.2") port(514)); };
filter f_bpfpixpingdrop { host ("BPFpix") and match("Denied ICMP"); };

# BPFpix messages
#
destination BPFpixlog { file ("/var/log/BPFpix"); };
log { source(BPFpix); destination(BPFpixlog); };
# drop ping attempts
log { source(BPFpix); filter (f_bpfpixpingdrop); destination(null);
flags(final);};
# log the rest
log { source(BPFpix); destination(lanmon); };

The "lanmon" destination is a machine that emails certain syslog messages,
and because the PIX messages have a ^@ in them, the messages are mainly
blank!

Can anyone tell me where this ^@ is coming from, and could it be permissions
related?
I am running syslog-ng 1.6.0rc4.

Also, I really want that first line to read:

destination null { file("/dev/null" perm(-1)); };

so that no permissions are changed on that file, but syslog-ng complains
about it when I start it up.
What am I doing wrong?

thank you!

chris

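
A diagnostic for the symptom described in the message above, added here as an example and not part of the original post: it scans log data for embedded control bytes, reports where each one sits, and shows both a sanitized line and what a consumer that stops at the first NUL would keep. The sample is constructed from the two log lines quoted in the post with ^@ written as a real NUL byte; that the "lanmon" mailer truncates at NUL is an assumption, not something the post confirms.

```python
import re

# Constructed sample: the two log lines quoted in the post, each joined onto
# one line, with "^@" written as the NUL byte (0x00) that notation stands for.
SAMPLE = (
    b"Dec 18 16:08:25 BPFpix-int Dec 18 2003 08:53:15: %PIX-3-313001: "
    b"Denied ICMP type=8, code=0 from 217.81.176.93 on interface 0\n"
    b"Dec 18 09:46:50\x00 BPFpix-int %PIX-3-313001: "
    b"Denied ICMP type=8, code=0 from 217.79.97.90 on interface 0\n"
)

# Control bytes other than TAB and LF; NUL is the one seen in the post.
CONTROL = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")


def caret(byte):
    """Render a control byte in caret notation (0x00 -> ^@, 0x7f -> ^?)."""
    return "^?" if byte == 0x7F else "^" + chr(byte ^ 0x40)


def audit(data):
    """Return one finding per line that contains a control byte."""
    findings = []
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        hits = [(m.start(), m.group()[0]) for m in CONTROL.finditer(line)]
        if not hits:
            continue
        nul = line.find(b"\x00")
        findings.append({
            "line": lineno,
            "offsets": hits,  # (byte offset, byte value) pairs
            # Assumption: a C-string style consumer keeps only this prefix.
            "nul_terminated_view":
                line[:nul].decode("ascii", "replace") if nul >= 0 else None,
            "sanitized": CONTROL.sub(b"", line).decode("ascii", "replace"),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        marks = ", ".join(f"{caret(b)} at byte {o}" for o, b in f["offsets"])
        print(f"line {f['line']}: {marks}")
        print(f"  NUL-terminated view: {f['nul_terminated_view']!r}")
        print(f"  sanitized:           {f['sanitized']!r}")
```

To check a real file, pass its contents read in binary mode to `audit()`; text mode may hide or alter the bytes being looked for.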