[syslog-ng]Netscreen fw logs not piped in mysql

Christian Janssen syslog-ng@lists.balabit.hu
Mon, 25 Apr 2005 17:59:08 +0100


Hi,

I'm close to giving up and have the following problem:

* Netscreen Firewalls (Screen OS 5.1r3 & 4.1)
* Syslog-ng [&php-syslog-ng]
  My System is Debian sarge, syslog-ng 1.6.5

a) Unix syslog entries are stored correctly in the mysql database (and
text file); all seems fine!

b) Netscreen syslog infos are logged as expected in the txt file (see attach)

c) [PROBLEM] but logging to mysql is not working; I got the following
message from my pipe script

     ERROR at line 1: Unknown command '\"'.
     ERROR at line 1: Unknown command '\"'.
     ERROR at line 1: Unknown command '\"'.

Maybe a truncation problem?

Seems related to the following questions, but unfortunately I never found a solution
  https://lists.balabit.hu/pipermail/syslog-ng/2004-November/006678.html
  http://www.experts-exchange.com/Security/Unix_Security/Q_21077259.html
  http://www.netscreenforum.com/viewtopic.php?t=1209&highlight=syslogng

I followed mostly these instructions:
   http://gentoo-wiki.com/HOWTO_setup_PHP-Syslog-NG

Hope somebody can help me and has an idea or solution.
Many thanks in advance

Cheers
Christian


----------------------------------------------------
e.g. syslog
Apr 25 14:08:38 172.29.8.2 co-gw: NetScreen device_id=co-gw
system-notification-00257(traffic): start_time="2005-04-25 13:08:37"
duration=0 policy_id=320001 service=udp/port:1985 proto=17 src
zone=Null dst zone=self action=Deny sent=0 rcvd=48 src=195.122.33.7
dst=224.0.0.2 src_
Apr 25 14:08:38 196.35.45.2 co-gw: NetScreen device_id=co-gw
system-notification-00257(traffic): start_time="2005-04-25 13:08:37"
duration=0 policy_id=320001 service=proto:88/port:0 proto=88 src
zone=Null dst zone=self action=Deny sent=0 rcvd=60 src=172.30.7.1
dst=224.0.0.10
----------------------------------------------------
or e.g. sep. file via filter

destination firewalls {
        file("/var/log/netscreen");
};


filter f_firewalls { facility(local7); };

log {
        source(s_all);
        filter(f_firewalls);
        destination(firewalls);
};

Apr 25 17:45:06 172.29.5.163 ns5gt: NetScreen device_id=ns5gt
[Root]system-information-00524: SNMP request from an unknown SNMP
community  at 172.29.5.146:32862 has been received. (2005-04-25
17:57:41)
----------------------------------------------------