[syslog-ng] RFC-5424 configuration with IPV6 is not working

venkateswarlu vinjamuri venkates.vin at gmail.com
Tue Oct 9 17:11:58 UTC 2018


Hi Kokan,

Thanks for your help and support, the change is working fine now.
Thanks a lot.

Also I have another issue with syslog-ng 3.3.7 version:
------------------------------------------------------------------------
*When both IPV4 and IPV6 syslog server IPs are configured, I could see
syslog-ng messages going to only one, either the IPV4 or the IPV6 syslog-ng
server, and that too only the latest server IP configured.*

Is there any known issue?
I have been struggling with this issue for a long time as well. Please help me on this.

Regards,
Venkat.

On Mon, Oct 1, 2018 at 10:10 AM venkateswarlu vinjamuri <
venkates.vin at gmail.com> wrote:

> Hi kokan,
> Thanks for your quick response.
> Will test the same and get back..
>
> Regards
> Venkat
>
>
> On Sat 29 Sep, 2018, 15:34 Péter, Kókai, <peter.kokai at oneidentity.com>
> wrote:
>
>> Hello,
>>
>> Sorry to keep you hanging there. You could use *template* to get any kind
>> of format you want, but for syslog there is also a flags option. Simply
>> udp6( ... flags(syslog-protocol)); should be the same as syslog(...);
>>
>>
>> --
>> Kokan
>>
>> On Sat, Sep 29, 2018 at 3:16 AM venkateswarlu vinjamuri <
>> venkates.vin at gmail.com> wrote:
>>
>>> Hi Kokan,
>>> Could you please let me know the info for my previous email?
>>>
>>>
>>> Regards,
>>> V/
>>>
>>> On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu vinjamuri <
>>> venkates.vin at gmail.com> wrote:
>>>
>>>> Thanks for your reply,
>>>>
>>>> For *non RFC-5424* format, IPV6 config is as below and is working
>>>> fine, with syslog-ng-3.3.7 version
>>>> *destination df_remote_0 {udp6("::1");};*
>>>> Hence we tried with the below config for RFC-5424 with IPV6:
>>>> *destination df_remote_0 {syslog("::1" transport("udp6"));};* and
>>>> you mentioned there is no such protocol, which I agree with you.
>>>>
>>>> To let you know that, we have installed latest version of syslog-ng and
>>>> the configuration mentioned by you as below is working.
>>>> *destination df_remote_0 {syslog("::1" transport("udp")
>>>> ip-protocol(6));};*
>>>> But this same config is not working in syslog-ng-3.3.7 version with
>>>> RFC-5424 format and IPV6.
>>>>
>>>> My question is :
>>>> *In syslog-ng-3.3.7 version, is RFC-5424 format supported with IPV6?*
>>>> *If so, could you please share the config?*
>>>>
>>>> Please share your inputs for the version syslog-ng-3.3.7.
>>>>
>>>> Thanks & Regards,
>>>> V/
>>>>
>>>> On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai <
>>>> peter.kokai at oneidentity.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I do not really have 3.3.7 version at my hand, so I did not really dig
>>>>> in if that version supports or not. Well it seems it is from v3.4.1, for
>>>>> this option you have to update at least to that.
>>>>>
>>>>> I do not see a reason why it won't work, and you could use stuff like
>>>>> system() source.
>>>>>
>>>>> --
>>>>> Kokan
>>>>>
>>>>> On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri <
>>>>> venkates.vin at gmail.com> wrote:
>>>>>
>>>>>> Thanks kokan for your reply,
>>>>>>
>>>>>> I am getting the below error after making the change as you suggested
>>>>>> *destination df_remote_0 {syslog("::1" transport("udp")
>>>>>> ip-protocol(6));};*
>>>>>>
>>>>>> Error:
>>>>>> =====
>>>>>> Error parsing afsocket, inner-dest plugin ip-protocol not found in
>>>>>> /etc/syslog-ng/syslog-ng.conf at line 45, column 78:
>>>>>> destination df_remote_0 {syslog(":1" transport("udp")
>>>>>> ip-protocol(6));};
>>>>>>
>>>>>> ^^^^^^^^^^^
>>>>>> Please suggest.
>>>>>>
>>>>>> Regards,
>>>>>> V/
>>>>>>
>>>>>> On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai <
>>>>>> peter.kokai at oneidentity.com> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> The error message lists the correct transport methods: *please use
>>>>>>> one of udp, tcp, or tls;*
>>>>>>> There is no such option as udp6; you could specify ipv6 via
>>>>>>> ip-protocol(4/6)
>>>>>>>
>>>>>>> All together syslog("::1" transport("udp") ip-protocol(6)); should
>>>>>>> work.
>>>>>>>
>>>>>>> --
>>>>>>> Kokan
>>>>>>>
>>>>>>> On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri <
>>>>>>> venkates.vin at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> *issue*: syslog-ng is not starting if we configure IPV6 IP along
>>>>>>>> with RFC-5424 format
>>>>>>>> Using below command to run syslog-ng:
>>>>>>>> /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R
>>>>>>>> /var/syslog-ng.persist -p /var/syslog-ng.pid
>>>>>>>>
>>>>>>>> Getting the below error:
>>>>>>>> ------------------------------
>>>>>>>>
>>>>>>>> *syslog-ng: Error changing to Unknown syslog transport specified,
>>>>>>>> please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
>>>>>>>>
>>>>>>>> Could anyone please let me know what should be the configuration in
>>>>>>>> syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
>>>>>>>>
>>>>>>>> we are using syslog-ng-3.3.7 version.
>>>>>>>>
>>>>>>>> *If the below configuration is correct, will it work if we upgrade
>>>>>>>> to newer version with the below configuration?*
>>>>>>>>
>>>>>>>> I am using the below configuration in syslog-ng.conf:
>>>>>>>> ========================================
>>>>>>>> options {
>>>>>>>>   stats_freq (0);
>>>>>>>>   flush_lines (0);
>>>>>>>>   time_reopen (10);
>>>>>>>>   log_fifo_size (10000);
>>>>>>>>   chain_hostnames (off);
>>>>>>>>   use_dns (no);
>>>>>>>>   create_dirs (no);
>>>>>>>>   keep_hostname (no);
>>>>>>>>   perm(0640);
>>>>>>>>   group("root");
>>>>>>>> };
>>>>>>>>
>>>>>>>>
>>>>>>>> # sources
>>>>>>>> source s_all {
>>>>>>>>   internal();
>>>>>>>>   unix-stream("/dev/log");
>>>>>>>>   file("/proc/kmsg" program_override("kernel: "));
>>>>>>>> };
>>>>>>>>
>>>>>>>>
>>>>>>>> filter f_remote { facility(local7); };
>>>>>>>> destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx"
>>>>>>>> transport("udp6"));};
>>>>>>>> log { source(s_all); filter(f_remote); destination(df_remote_0); };
>>>>>>>>
>>>>>>>> Please help if there is any issue in the above configuration?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> V/
>>>>>>>>
>>>>>>>> ______________________________________________________________________________
>>>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>>>> Documentation:
>>>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>>>
>>>>>>>>
>>
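To check on the receiving side which format a destination from this thread actually puts on the wire (plain udp6() versus udp6() with flags(syslog-protocol) or the syslog() driver), here is an added example that is not part of the original posts or of syslog-ng. The function names, the listening port 5514 and the sample datagrams are assumptions constructed for illustration.

```python
import re
import socket

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"^<(\d{1,3})>[1-9]\d? "
    r"(?:-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?(?:Z|[+-]\d\d:\d\d)) "
    r"\S{1,255} \S{1,48} \S{1,128} \S{1,32} "
    r"(?:-|\[.*\])(?: .*)?$",
    re.S,
)
# Legacy BSD header (RFC 3164): <PRI>Mmm dd hh:mm:ss ...
BSD = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

FACILITY = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
            "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
            "local6 local7").split()

# Constructed sample datagrams (PRI 190 = local7.info), not captured traffic.
SAMPLE_5424 = b"<190>1 2018-10-09T17:11:58Z host1 app 1234 - - test message"
SAMPLE_BSD = b"<190>Oct  9 17:11:58 host1 app[1234]: test message"


def classify(datagram: bytes) -> dict:
    """Return the wire format, facility name and severity of one datagram."""
    text = datagram.decode("utf-8", errors="replace")
    for name, pattern in (("rfc5424", RFC5424), ("bsd", BSD)):
        m = pattern.match(text)
        if m and int(m.group(1)) <= 191:      # 191 = highest valid PRI
            pri = int(m.group(1))
            return {"format": name, "facility": FACILITY[pri >> 3],
                    "severity": pri & 7}
    return {"format": "unknown", "facility": None, "severity": None}


def listen(host: str = "::", port: int = 5514) -> None:
    """Classify every datagram arriving on an IPv6 UDP socket (port is assumed)."""
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, peer = sock.recvfrom(65535)
            print(peer[0], classify(data))


if __name__ == "__main__":
    print(classify(SAMPLE_5424))
    print(classify(SAMPLE_BSD))
```

Running `listen()` on a test collector and pointing df_remote_0 at it shows per datagram whether the sender is emitting RFC 5424 or the legacy BSD format, and whether the facility(local7) filter is what reaches the wire.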