[syslog-ng] hostname not appearing correctly when receiving logs from switches

Scheidler, Balázs balazs.scheidler at balabit.com
Wed May 2 00:45:05 UTC 2018


Interesting that I saw this message the first time in your response, and
not the original one.

Anyhow, to understand the problem we would need an exact byte-by-byte
representation of what syslog-ng is receiving from the switch together with
the configuration that is used to process it. A tcpdump or an "Incoming
message" from syslog debug output should work.

We haven't intentionally changed the syslog parser as far as I remember.

On May 1, 2018 22:50, "Clayton Dukes" <cdukes at logzilla.net> wrote:

> Interesting! We’ve been getting a lot of support tickets for this very
> problem.
>
> I can easily recreate the issue.
>
> Balabit Team: is this a new bug?
>
> *Clayton Dukes*
> Founder & CEO
> LogZilla Corporation
> 2900 N. Quinlan Park Rd, B240-341
> Austin, TX, 78732
> Tel: 936-4NetOps (463-8677)
> Web: www.logzilla.net
>
> *For NetOps, By NetOps!*
>
> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
> Joshua <aces621 at yahoo.com>
> *Reply-To: *Joshua <aces621 at yahoo.com>, Syslog-ng users' and developers'
> mailing list <syslog-ng at lists.balabit.hu>
> *Date: *Monday, April 30, 2018 at 7:09 PM
> *To: *"syslog-ng at lists.balabit.hu" <syslog-ng at lists.balabit.hu>
> *Subject: *[Suspected Spam] [syslog-ng] hostname not appearing correctly
> when receiving logs from switches
>
> Hi All,
>
> I am pretty new to syslog-ng but do have some basic knowledge. I have
> deployed syslog-ng v3.14 on a newly deployed Linux server because syslog-ng
> v3.5 is working very well on another syslog server.
>
> On this new deployment, the syslogs received from most of the servers are
> able to show IP/host, however, the syslogs from our switches contain
> IP/host showing as ":" (colons). I copied the current working custom build
> .conf from another syslog server into our new server. Can someone help me
> figure out what I am missing? It is working for some components but not for
> switches. I tested the same switch by sending syslog to another syslog
> server and the hostname is appearing but just not appearing on the new
> syslog server. The only difference between the two servers is that one uses
> v3.5 (the working one) and the other uses syslog-ng v3.14.
>
> I have set: "keep_hostname (yes)" but it still doesn't work.
>
> Can someone please help? Am I missing something here?
>
> Thanks
>
> *Joshua Lai*