[syslog-ng] [Bug 171] New: Unwanted IP adress Folder

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Thu Mar 29 13:33:34 CEST 2012 

https://bugzilla.balabit.com/show_bug.cgi?id=171

           Summary: Unwanted IP adress Folder
           Product: syslog-ng
           Version: 3.1.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: julien.groselle at gmail.com
Type of the Report: bug
   Estimated Hours: 0.0


Hi,

I work for a lange society, and we use syslog-ng for 5 years now.
We have a centralized server with storage tank to keep logs securly.

Concretely, we have 2 centralized servers syslog-ng in chrooted environement, and 50 clients servers.

Since we use TLS transport in place of stunnel workaround, we have many issues : 
- First of all, many logs aren't writen in $HOST folder but in IPADDRESS folder. So, to be clear, this is an exemple :
# ls
drwxr-x---   8 root adm      4,0K  1 mars  00:07 10.0.0.1
drwxr-x---  53 root adm      4,0K 19 mars  00:35 host1

I assume that host1 have 10.0.0.1 IP address and 

# tree 192.168.100.79/2012-03/
10.0.0.1/2012-03/
├── 02-user-10.0.0.1.log.bz2
├── 06-user-10.0.0.1.log.bz2
├── 07-user-10.0.0.1.log.bz2
├── 08-user-10.0.0.1.log.bz2
├── 09-user-10.0.0.1.log.bz2
├── 12-user-10.0.0.1.log.bz2
├── 13-user-10.0.0.1.log.bz2
├── 14-user-10.0.0.1.log.bz2
├── 15-user-10.0.0.1.log.bz2
├── 16-user-10.0.0.1.log.bz2
└── 19-user-10.0.0.1.log

# tree host1/2012-03/ |grep 19-
├── 19-apache.access-host1.log
├── 19-apache.error-host1.log
├── 19-authpriv-host1.log
├── 19-auth-host1.log
├── 19-cron-host1.log
├── 19-daemon-host1.log
├── 19-kern-host1.log
├── 19-mail-host1.log
├── 19-nagios-host1.log
├── 19-puppetd-host1.log
├── 19-syslog-host1.log
└── 19-user-host1.log

(we have this problem with many servers)
In facility "user" for host 10.0.0.1 in fact i have log for snmptrapd... But why ??

We have config for snmpd but not for snmptrapd... 
So i have tried to define a default facility => failed
After i have tried many dns and hostnames options => failed

As anyone here have a way to search for me ?
If you need more details, i'm your's.

Kind regards.
--
JG


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the syslog-ng mailing list