[syslog-ng] RFC-5424 configuration with IPV6 is not working

venkateswarlu vinjamuri venkates.vin at gmail.com
Mon Oct 1 04:40:37 UTC 2018 

Hi kokan,
Thanks for your quick response.
Will test the same and get back..

Regards
Venkat


On Sat 29 Sep, 2018, 15:34 Péter, Kókai, <peter.kokai at oneidentity.com>
wrote:

> Hello,
>
> Sorry to keep you hanging there. You could use *template* to get any kind
> of format you want, but for syslog there is also a flags option. Simply
> udo6( ... flags(syslog-protocol)); should be the same as syslog(...);
>
>
> --
> Kokan
>
> On Sat, Sep 29, 2018 at 3:16 AM venkateswarlu vinjamuri <
> venkates.vin at gmail.com> wrote:
>
>> HI Kokan,
>> Could you please let me the info for my previous email?
>>
>>
>> Regards,
>> V/
>>
>> On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu vinjamuri <
>> venkates.vin at gmail.com> wrote:
>>
>>> Thanks for your reply,
>>>
>>> For *non RFC-5424* format, IPV6 config is as below and is working fine,
>>> with syslog-ng-3.3.7 version
>>> *destination df_remote_0 {udp6("::1");};*
>>> Hence we tried with the below config for RFC-5424 with IPV6:
>>> *destination df_remote_0 {syslog("::1**" transport("udp6"));};* and you
>>> mentioned there is no such protocol, which I agree with you.
>>>
>>> To let you know that, we have installed latest version of syslog-ng and
>>> the configuration mentioned by you as below is working.
>>> *destination df_remote_0 {syslog(":1" transport("udp")
>>> ip-protocol(6));};*
>>> But this same config is not working in syslog-ng-3.3.7 verision with
>>> RFC-5424.format and IPV6.
>>>
>>> My question is :
>>> *In syslog-ng-3.3.7 version, does RFC-5424 format supported with IPV6 ?*
>>> *If so could you please share the config ?*
>>>
>>> Please share you inputs for the version syslog-ng-3.3.7.?
>>>
>>> Thanks & Regards,
>>> V/
>>>
>>> On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai <
>>> peter.kokai at oneidentity.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I do not really have 3.3.7 version at my hand, so I did not really dig
>>>> in if that version supports or not. Well it seems it is from v3.4.1, for
>>>> this option you have to update at least to that.
>>>>
>>>> I do not see a reason why won't it work, and you could use stuff like
>>>> system() source.
>>>>
>>>> --
>>>> Kokan
>>>>
>>>> On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri <
>>>> venkates.vin at gmail.com> wrote:
>>>>
>>>>> Thanks kokan for your reply,
>>>>>
>>>>> I am getting the below error after making the change as you suggested
>>>>> *destination df_remote_0 {syslog("::1" transport("udp")
>>>>> ip-protocol(6));};*
>>>>>
>>>>> Error:
>>>>> =====
>>>>> Error parsing afsocket, inner-dest plugin ip-protocol not found in
>>>>> /etc/syslog-ng/syslog-ng.conf at line 45, column 78:
>>>>> destination df_remote_0 {syslog(":1" transport("udp")
>>>>> ip-protocol(6));};
>>>>>
>>>>> ^^^^^^^^^^^
>>>>> Please suggest.
>>>>>
>>>>> Regards,
>>>>> V/
>>>>>
>>>>> On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai <
>>>>> peter.kokai at oneidentity.com> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> The error message lists the correct transport methods: *please use
>>>>>> one of udp, tcp, or tls;*
>>>>>> There is no such option udp6, you could use specify ipv6 via
>>>>>> ip-protocol(4/6)
>>>>>>
>>>>>> All together syslog("::1" transport("udp") ip-protocol(6)); should
>>>>>> work.
>>>>>>
>>>>>> --
>>>>>> Kokan
>>>>>>
>>>>>> On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri <
>>>>>> venkates.vin at gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> *issue*: syslog-ng is not starting if we configure IPV6 IP along
>>>>>>> with RFC-5424 format
>>>>>>> Using below command to run syslog-ng:
>>>>>>> /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R
>>>>>>> /var/syslog-ng.persist -p /var/syslog-ng.pid
>>>>>>>
>>>>>>> Getting the below error:
>>>>>>> ------------------------------
>>>>>>>
>>>>>>> *syslog-ng: Error changing to Unknown syslog transport specified,
>>>>>>> please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
>>>>>>>
>>>>>>> Could anyone please let me know what should be the configuration in
>>>>>>> syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
>>>>>>>
>>>>>>> we are using syslog-ng-3.3.7 version.
>>>>>>>
>>>>>>> *If the below configuration is correct, will it work if we upgrade
>>>>>>> to newer version with the below configuration?*
>>>>>>>
>>>>>>> I am using the below configuration in syslog-ng.conf:
>>>>>>> ========================================
>>>>>>> options {
>>>>>>>   stats_freq (0);
>>>>>>>   flush_lines (0);
>>>>>>>   time_reopen (10);
>>>>>>>   log_fifo_size (10000);
>>>>>>>   chain_hostnames (off);
>>>>>>>   use_dns (no);
>>>>>>>   create_dirs (no);
>>>>>>>   keep_hostname (no);
>>>>>>>   perm(0640);
>>>>>>>   group("root");
>>>>>>> };
>>>>>>>
>>>>>>>
>>>>>>> # sources
>>>>>>> source s_all {
>>>>>>>  internal();
>>>>>>> unix-stream("/dev/log");
>>>>>>> file("/proc/kmsg" program_override("kernel: "));
>>>>>>>  };
>>>>>>>
>>>>>>>
>>>>>>> filter f_remote { facility(local7); };
>>>>>>> destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx"
>>>>>>> transport("udp6"));};
>>>>>>> log { source(s_all); filter(f_remote); destination(df_remote_0
>>>>>>>
>>>>>>> Please help if there is any issue in the above configuration?
>>>>>>>
>>>>>>> Regards,
>>>>>>> V/
>>>>>>>
>>>>>>> ______________________________________________________________________________
>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>> Documentation:
>>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>
>>>>>>>
>>>>>> ______________________________________________________________________________
>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>> Documentation:
>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20181001/9390a946/attachment.html>

More information about the syslog-ng mailing list