[syslog-ng] Losing TAG information

SOLIS, ALEX asolis at oppd.com
Thu Jun 22 19:48:19 CEST 2006 

It expected a regex and I wasn't sure what to put so I used:

bad_hostname(".");

The logic here being that syslog-ng would apply the bad hostname rule to
all syslog messages.  It seems to work.  Please correct me if I am using
this incorrectly.

Alex


-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Nate Campi
Sent: Thursday, June 22, 2006 12:41 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Losing TAG information

On Thu, Jun 22, 2006 at 08:14:17AM -0500, SOLIS, ALEX wrote:
> 
>  My packet captures have revealed that
> the hostnames are intact, except they have the string "Message
forwarded
> from host" in front of it.  Then a colon and then TAG information.
Here
> is what my captured packet actually looked like:
> 
> 0000   00 0d 60 b6 71 10 00 09 e8 b0 9e a1 08 00 45 00
..`.q.........E.
> 0010   00 6e 75 f0 00 00 1d 11 a0 8d 0a 18 36 0a 0a 18
.nu.........6...
> 0020   3c c8 86 6a 02 02 00 5a a4 06 3c 31 31 3e 4a 75
<..j...Z..<11>Ju
> 0030   6e 20 31 33 20 31 34 3a 32 37 3a 35 30 20 4d 65  n 13 14:27:50
Me
> 0040   73 73 61 67 65 20 66 6f 72 77 61 72 64 65 64 20  ssage
forwarded 
> 0050   66 72 6f 6d 20 61 64 64 61 3a 20 74 65 73 74 69  from adda:
testi
> 0060   6e 67 20 3a 20 54 65 73 74 69 6e 67 20 5e 3f 67  ng : Testing
^?g
> 0070   67 67 67 67 67 67 67 67 67 67 67 20              ggggggggggg
> 
> As you can see the hostname is there, just not alone.  What goes on to
> this packet with the bad_hostname() option turned on as opposed to
off.

What did you actually put into bad_hostname()?
-- 
Nate

God does not play dice.
            -- Einstein

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html


This e-mail contains Omaha Public Power District's confidential and proprietary information and is for use only by the intended recipient.  Unless explicitly stated otherwise, this e-mail is not a contract offer, amendment, nor acceptance.  If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

More information about the syslog-ng mailing list