[syslog-ng] malformed syslog packets?
Matt Zagrabelny
mzagrabe at d.umn.edu
Mon Aug 29 23:20:51 CEST 2011

Hi!
I've got a central log server running the OSE 3.1.3 version of syslog-ng:
dpkg -l syslog-ng
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                     Version                                  Description
+++-========================================-========================================-================================================================================================
ii  syslog-ng                                3.1.3-3                                  Next generation logging daemon
I have DNS lookup turned on via:
options {
  use_dns(yes);
  dns_cache(2000);
  dns_cache_expire(87600);
};
And this seems to work just fine...except for a certain type of device
on our network.
We have a number of UPSes that log to our central log server and it
seems that the DNS lookups do not work for those (types of devices).
% cd /var/log/syslog-ng/remote_clients
% ls -d 10.*
10.25.32.4  10.25.5.15  10.25.5.19  10.25.5.26  10.25.5.35  10.25.5.4
 10.25.5.44  10.25.5.51  10.25.5.6   10.25.5.65  10.25.5.69
10.25.5.76
10.25.5.1   10.25.5.16  10.25.5.2   10.25.5.27  10.25.5.36  10.25.5.40
 10.25.5.49  10.25.5.52  10.25.5.60  10.25.5.66  10.25.5.7
10.25.5.79
10.25.5.10  10.25.5.17  10.25.5.20  10.25.5.28  10.25.5.37  10.25.5.41
 10.25.5.5   10.25.5.55  10.25.5.61  10.25.5.67  10.25.5.72
10.25.5.81
10.25.5.14  10.25.5.18  10.25.5.23  10.25.5.3   10.25.5.38  10.25.5.43
 10.25.5.50  10.25.5.58  10.25.5.62  10.25.5.68  10.25.5.75  10.25.5.9
When I look up those IP addresses, they are *all* APC batteries (UPSes).
For instance:
% dig -x 10.25.5.43 +short
kplz246Abat1.d.umn.edu.
Is it possible that they are sending some sort of munged data to the
log server and syslog-ng is not able to perform the (reverse) name
lookup?
Any advice?
Thanks, much!
-Matt Zagrabelny
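
One way to test the "munged data" theory is to capture a few datagrams from the UPSes and check them against the RFC 3164 header layout (`<PRI>Mmm dd hh:mm:ss HOSTNAME MSG`). The following Python is an added example, not part of the original post or of syslog-ng; the `classify` function, its verdict names and the sample datagrams are constructed for illustration.

```python
import re

# RFC 3164 (BSD syslog) header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def classify(datagram: bytes) -> dict:
    """Return a verdict on the header plus the HOSTNAME field, if any."""
    text = datagram.decode("ascii", errors="replace").rstrip("\r\n\x00")
    m = HEADER.match(text)
    if m is None:
        # Distinguish "no <PRI> at all" from "PRI present, header broken".
        has_pri = re.match(r"^<\d{1,3}>", text) is not None
        return {"verdict": "bad-header" if has_pri else "no-pri", "host": None}
    pri = int(m["pri"])
    if pri > 191:  # highest valid value: facility 23 * 8 + severity 7
        return {"verdict": "bad-pri", "host": None}
    host = m["host"]
    if host.endswith(":"):
        # The field after the timestamp is a TAG, so HOSTNAME was omitted.
        return {"verdict": "no-host", "host": None}
    verdict = "host-is-ip" if IPV4.match(host) else "ok"
    return {"verdict": verdict, "host": host,
            "facility": pri >> 3, "severity": pri & 7}


# Constructed sample datagrams (not captured from the devices in the post).
SAMPLES = [
    b"<134>Aug 29 23:20:51 ups-example UPS: On battery power",
    b"<134>Aug 29 23:20:51 192.0.2.10 UPS: On battery power",
    b"<134>Aug 29 23:20:51 UPS: On battery power",
    b"<134>UPS: On battery power",
    b"UPS: On battery power",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw)["verdict"], raw)
```
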
    
    