[syslog-ng] hostname not appearing correctly when receiving logs from switches

Ronald Fenner rfenner at gamecircus.com
Wed May 2 05:01:17 UTC 2018


For me the original showed up in my junk folder for some reason, so that's probably where it is in yours.

Ronald Fenner
Network Architect
Game Circus LLC.

rfenner at gamecircus.com

> On May 1, 2018, at 7:45 PM, Scheidler, Balázs <balazs.scheidler at balabit.com> wrote:
> 
> Interesting that I saw this message the first time in your response, and not the original one.
> 
> Anyhow, to understand the problem we would need an exact byte-by-byte representation of what syslog-ng is receiving from the switch together with the configuration that is used to process it. A tcpdump or an "Incoming message" from syslog debug output should work.
> 
> We haven't intentionally changed the syslog parser as far as I remember.
> 
> On May 1, 2018 22:50, "Clayton Dukes" <cdukes at logzilla.net> wrote:
> Interesting! We’ve been getting a lot of support tickets for this very problem.
> 
> I can easily recreate the issue.
> 
> Balabit Team: is this a new bug?
> 
> Clayton Dukes
> Founder & CEO
> LogZilla Corporation
> 2900 N. Quinlan Park Rd, B240-341
> Austin, TX, 78732
> Tel: 936-4NetOps (463-8677)
> Web: www.logzilla.net
>
> For NetOps, By NetOps!
>
> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Joshua <aces621 at yahoo.com>
> Reply-To: Joshua <aces621 at yahoo.com>, Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
> Date: Monday, April 30, 2018 at 7:09 PM
> To: "syslog-ng at lists.balabit.hu" <syslog-ng at lists.balabit.hu>
> Subject: [Suspected Spam] [syslog-ng] hostname not appearing correctly when receiving logs from switches
> 
> Hi All,
>
> I am pretty new to syslog-ng but do have some basic knowledge. I have deployed syslog-ng v3.14 on a newly deployed Linux server because syslog-ng v3.5 is working very well on another syslog server.
>
> On this new deployment, the syslogs received from most of the servers are able to show IP/host; however, the syslogs from our switches contain IP/host showing as ":" (colons). I copied the current working custom build .conf from another syslog server into our new server. Can someone help me figure out what I am missing? It is working for some components but not for switches. I tested the same switch by sending syslog to another syslog server and the hostname is appearing but just not appearing on the new syslog server. The only difference between the two servers is that one uses v3.5 (the working one) and the other uses syslog-ng v3.14.
>
> I have set: "keep_hostname (yes)" but it still doesn't work.
>
> Can someone please help? Am I missing something here?
>
> Thanks
>
> Joshua Lai
> 