[syslog-ng] syslog-ng and ntsyslog
Robert Fekete
frobert at balabit.com
Tue Oct 12 20:10:55 CEST 2010
Hi,
I am not very well-versed in Windows logs, so I might misunderstand
something, but if the problem is that the log message is truncated on
the syslog-ng server, you have to increase the log_msg_size option
further, 8192 is the default value of the log_msg_size option.
Regards,
Robert
On 10/12/2010 04:02:10 PM, Fiorenzi Alessandro wrote:
> Hi,
> We have syslog-ng 3.05 as log server, and datagram syslog agent on
> windows system (originary ntsyslog)
> form e windows 2003 server with syslogagent configure I have this
> event on eventviewer
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 538
> Date: 10/12/2010
> Time: 12:26:43 PM
> User: DOMAINXXX\A.Fiorenzi
> Computer: XXXXXX
> Description:
> User Logoff:
> User Name: A.Fiorenzi
> Domain: DOMAINXXX
> Logon ID: (0x0,0xF78F137)
> Logon Type: 10
>
>
> and on syslog-ng server i get this:
>
>
> Oct 12 12:26:43 XXXXXX security[success]: 538 DOMAINXXX\a.fiorenzi
> User Logoff User Name: A.Fiorenz Domain:
> DOMAINXX Logo
> n ID: (0x0,0xF78F137 Logon Type: 1
>
>
> where the descrition field has UserName, Domain, logon ID an Logon
> Type cutted.
>
> I have record the network traffic via tcpdump and I have seen data
> arrive correctly.
> So have set in syslog-ng.conf options the statement
> log_msg_size(8192);
> The problem is still open and I do not know how to solve, anyone can
> help me?
>
>
>
> Alessandro Fiorenzi
>
> Prima di stampare, pensa all'ambiente ** Think about the environment
> before printing
>
> ________________________________
> Il presente messaggio, inclusi gli eventuali allegati, ha natura
> aziendale e potrebbe contenere informazioni confidenziali e/o
> riservate. Chiunque lo ricevesse per errore, ? pregato di avvisare
> tempestivamente il mittente e di cancellarlo.
> E' strettamente vietata qualsiasi forma di utilizzo, riproduzione o
> diffusione non autorizzata del contenuto di questo messaggio o di
> parte di esso.
> Pur essendo state assunte le dovute precauzioni per ridurre al minimo
> il rischio di trasmissione di virus, si suggerisce di effettuare gli
> opportuni controlli sui documenti allegati al presente messaggio. Non
> si assume alcuna responsabilit? per eventuali danni o perdite
> derivanti dalla presenza di virus.
>
> ***
> This email (including any attachment) is a corporate message and may
> contain confidential and/or privileged and/or proprietary
> information.
> If you have received this email in error, please notify the sender
> immediately, do not use or share it and destroy this email. Any
> unauthorised use, copying or disclosure of the material in this email
> or of parts hereof (including reliance thereon) is strictly
> forbidden.
> We have taken precautions to minimize the risk of transmitting
> software viruses but nevertheless advise you to carry out your own
> virus checks on any attachment of this message. We accept no
> liability
> for loss or damage caused by software viruses.
> For the conduct of investment business in the UK, the Company is
> authorized by Bank of Italy and regulated by the Financial Services
> Authority.
>
------quoted attachment------
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
More information about the syslog-ng
mailing list