[syslog-ng] NG 6.0.9 UDP Forwarding & Spoof Source

SZIGETVÁRI János jszigetvari at gmail.com
Wed Apr 11 06:26:29 UTC 2018


Dear Mark,

Judging from the version number, you seem to be using syslog-ng Premium
Edition.
If you have an active support contract, I would recommend that you
contact BalaBit at https://support.balabit.com and open a new ticket about
this.

Thank you!

Kind regards,
János Szigetvári

--
Janos SZIGETVARI
RHCE, License no. 150-053-692
<https://www.redhat.com/rhtapps/verify/?certId=150-053-692>


2018-04-10 19:34 GMT+02:00 Schoonover, Mark E HHHH <Mark.Schoonover at cigna.com>:

> Hello,
>
> I’m using NG to forward via UDP to QRadar platform. We’ve noticed that
> long messages get truncated to 1024 bytes. I thought it was because of
> forwarding using RFC3164 which has a limit of 1024 but forwarding using
> RFC5424 does not have a message limit. In the manual though for the
> spoof-source option there’s this warning:
>
> When using the spoof-source option, syslog-ng PE automatically truncates
> long messages to 1024 bytes, regardless of the settings of log-msg-size().
>
> Does this mean no matter what, the max UDP forwarded message spoofing the
> source is 1024 bytes regardless of RFC?
>
> Thanks!
>
> Regards,
>
> Mark Schoonover – KA6WKE
> Infrastructure Engineering Manager
> ENE   : Tools, Instrumentation and Common Services Team
> Office: 32.8697° N, 116.9711° W
> Phone : 770-261-7934
> Email : mark.schoonover at cigna.com
>
> *HPSM Team: ENE NMS Engineering*