[syslog-ng]UDP messages logged with localhost
Steven S.
syslog-ng@lists.balabit.hu
Fri, 21 May 2004 15:29:00 -0400
Whoops! I forgot to mention that timestamps for local messages (i.e.
non-udp) are correct. Only those timestamps received via the network seem
wrong.
-Steve S.
Bobby Johnson wrote:
> The time difference could be the hardware clock or local system. Is
> either syslog chrooted? I had this problem with apache. I needed to
> put something into the chrooted dir. Some libraries or the date
> command? I don't remember.
>
> Bobby
>
>
> On Thu, 20 May 2004 21:40:24 -0400
> "Steven S." <ssurdock@engineered-net.com> wrote:
>
>> OK, so let's try one problem at time;-)
>>
>> When logging udp message the "host" tag is being listed as local host
>> and the time is incorrect. Here is a sample of two different syslog
>> runs. One with syslog-ng 1.6.4 and one with the native OpenBSD 3.5
>> syslogd. The host "logger01" is the name of the localhost, not a
>> reverse of 172.16.10.20. Also these runs were taken seconds apart yet
>> the timestamps are 11 hours apart.
>>
>> Any insight would be appreciated.
>>
>> ...running syslog-ng
>> May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src
>> outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group
>> "outside_access_in"
>> May 19 00:36:29 logger01 %PIX-4-106023: Deny udp src
>> outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group
>> "outside_access_in"
>>
>> ...running syslogd on OpenBSD 3.5-stable/sparc64
>> May 19 11:36:53 172.16.10.20 May 19 2004 00:33:29: %PIX-4-106023:
>> Deny
>> udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by
>> access-group "outside _access_in" May 19 11:37:02 172.16.10.20 May 19
>> 2004 00:33:39: %PIX-4-106023: Deny udp src outside:210.12.158.85/1243
>> dst inside:10.1.2.15/1434 by access-group "outside_access_in"
>>