[syslog-ng] syslog-ng and ntsyslog

Matthew Hall mhall at mhcomputing.net
Tue Oct 12 21:54:47 CEST 2010 

Just increase it to 65535, the maximum UDP packet size, and see if that 
fixes your issue.

Matthew.

On Tue, Oct 12, 2010 at 08:10:55PM +0200, Robert Fekete wrote:
> Hi, 
> 
> I am not very well-versed in Windows logs, so I might misunderstand 
> something, but if the problem is that the log message is truncated on 
> the syslog-ng server, you have to increase the log_msg_size option 
> further, 8192 is the default value of the log_msg_size option.
> 
> Regards, 
> 
> Robert
> 
> On 10/12/2010 04:02:10 PM, Fiorenzi Alessandro wrote:
> > Hi,
> > We have syslog-ng 3.05 as log server, and datagram syslog agent on
> > windows system  (originary ntsyslog)
> > form e windows 2003 server with syslogagent configure I have this
> > event on eventviewer
> > 
> > Event Type:       Success Audit
> > Event Source:   Security
> > Event Category:               Logon/Logoff
> > Event ID:             538
> > Date:                    10/12/2010
> > Time:                    12:26:43 PM
> > User:                    DOMAINXXX\A.Fiorenzi
> > Computer:         XXXXXX
> > Description:
> > User Logoff:
> >                 User Name:       A.Fiorenzi
> >                 Domain:                              DOMAINXXX
> >                 Logon ID:                            (0x0,0xF78F137)
> >                 Logon Type:       10
> > 
> > 
> > and on syslog-ng server i get this:
> > 
> > 
> > Oct 12 12:26:43 XXXXXX security[success]: 538 DOMAINXXX\a.fiorenzi
> > User Logoff        User Name:      A.Fiorenz       Domain:        
> > DOMAINXX        Logo
> > n ID:           (0x0,0xF78F137  Logon Type:     1
> > 
> > 
> > where the descrition field has UserName, Domain, logon ID an Logon
> > Type cutted.
> > 
> > I have record the network traffic via tcpdump and I have seen data
> > arrive correctly.
> > So have set in syslog-ng.conf options the statement
> > log_msg_size(8192);
> > The problem is still open and I do not know how to solve, anyone can
> > help me?
> > 
> > 
> > 
> > Alessandro Fiorenzi
> > 
> > Prima di stampare, pensa all'ambiente ** Think about the environment
> > before printing
> > 
> > ________________________________
> > Il presente messaggio, inclusi gli eventuali allegati, ha natura
> > aziendale e potrebbe contenere informazioni confidenziali e/o
> > riservate. Chiunque lo ricevesse per errore, ? pregato di avvisare
> > tempestivamente il mittente e di cancellarlo.
> > E' strettamente vietata qualsiasi forma di utilizzo, riproduzione o
> > diffusione non autorizzata del contenuto di questo messaggio o di
> > parte di esso.
> > Pur essendo state assunte le dovute precauzioni per ridurre al minimo
> > il rischio di trasmissione di virus, si suggerisce di effettuare gli
> > opportuni controlli sui documenti allegati al presente messaggio. Non
> > si assume alcuna responsabilit? per eventuali danni o perdite
> > derivanti dalla presenza di virus.
> > 
> > ***
> > This email (including any attachment) is a corporate message and may
> > contain confidential and/or privileged and/or proprietary 
> > information.
> > If you have received this email in error, please notify the sender
> > immediately, do not use or share it and destroy this email. Any
> > unauthorised use, copying or disclosure of the material in this email
> > or of parts hereof (including reliance thereon) is strictly
> > forbidden.
> > We have taken precautions to minimize the risk of transmitting
> > software viruses but nevertheless advise you to carry out your own
> > virus checks on any attachment of this message. We accept no 
> > liability
> > for loss or damage caused by software viruses.
> > For the conduct of investment business in the UK, the Company is
> > authorized by Bank of Italy and regulated by the Financial Services
> > Authority.
> > 
> 
> ------quoted attachment------
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?
> > product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> > 
> > 
> 
> 
> 
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>

More information about the syslog-ng mailing list