[syslog-ng] RFC-5424 configuration with IPV6 is not working

Péter, Kókai peter.kokai at oneidentity.com
Thu Sep 27 16:05:06 UTC 2018


Hello,

I do not really have version 3.3.7 at hand, so I did not really dig into
whether that version supports it or not. Well, it seems it is from v3.4.1,
so for this option you have to update to at least that.

I do not see a reason why it won't work, and you could use stuff like the
system() source.

--
Kokan

On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri <
venkates.vin at gmail.com> wrote:

> Thanks, Kokan, for your reply,
>
> I am getting the below error after making the change as you suggested
> *destination df_remote_0 {syslog("::1" transport("udp") ip-protocol(6));};*
>
> Error:
> =====
> Error parsing afsocket, inner-dest plugin ip-protocol not found in
> /etc/syslog-ng/syslog-ng.conf at line 45, column 78:
> destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
>
> ^^^^^^^^^^^
> Please suggest.
>
> Regards,
> V/
>
> On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai <peter.kokai at oneidentity.com>
> wrote:
>
>> Hello,
>>
>> The error message lists the correct transport methods: *please use one of
>> udp, tcp, or tls;*
>> There is no such option as udp6; you could specify IPv6 via
>> ip-protocol(4/6).
>>
>> Altogether, syslog("::1" transport("udp") ip-protocol(6)); should work.
>>
>> --
>> Kokan
>>
>> On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri <
>> venkates.vin at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> *Issue*: syslog-ng is not starting if we configure an IPv6 IP along with
>>> the RFC-5424 format.
>>> Using the below command to run syslog-ng:
>>> /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R
>>> /var/syslog-ng.persist -p /var/syslog-ng.pid
>>>
>>> Getting the below error:
>>> ------------------------------
>>>
>>> *syslog-ng: Error changing to Unknown syslog transport specified, please
>>> use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
>>>
>>> Could anyone please let me know what the configuration in
>>> syslog-ng.conf should be for an IPv6 syslog-ng server IP with RFC-5424 format?
>>>
>>> We are using the syslog-ng-3.3.7 version.
>>>
>>> *If the below configuration is correct, will it work if we upgrade to
>>> a newer version with the below configuration?*
>>>
>>> I am using the below configuration in syslog-ng.conf:
>>> ========================================
>>> options {
>>>   stats_freq (0);
>>>   flush_lines (0);
>>>   time_reopen (10);
>>>   log_fifo_size (10000);
>>>   chain_hostnames (off);
>>>   use_dns (no);
>>>   create_dirs (no);
>>>   keep_hostname (no);
>>>   perm(0640);
>>>   group("root");
>>> };
>>>
>>>
>>> # sources
>>> source s_all {
>>>   internal();
>>>   unix-stream("/dev/log");
>>>   file("/proc/kmsg" program_override("kernel: "));
>>> };
>>>
>>>
>>> filter f_remote { facility(local7); };
>>> destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx"
>>> transport("udp6"));};
>>> log { source(s_all); filter(f_remote); destination(df_remote_0); };
>>>
>>> Please help if there is any issue in the above configuration.
>>>
>>> Regards,
>>> V/
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>
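
To check that a destination such as the `syslog("::1" transport("udp") ip-protocol(6))` suggested above really delivers RFC 5424 framed messages over IPv6, a small receiver can be run on the target host. This is an added example, not part of the original thread or of syslog-ng itself; the function names, the unprivileged port 5514 and the sample datagrams are assumptions made for illustration.

```python
import re
import socket

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$",
    re.DOTALL,
)
LOCAL7 = 23  # facility selected by the thread's filter f_remote


def parse_rfc5424(datagram: bytes) -> dict:
    """Parse the RFC 5424 header of one datagram; raise ValueError if it is not one."""
    text = datagram.decode("utf-8", errors="replace")
    m = HEADER.match(text)
    if m is None:
        raise ValueError("not RFC 5424 framing (legacy BSD syslog or garbage)")
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        raise ValueError("PRI out of range")
    fields = m.groupdict()
    fields.update(facility=pri >> 3, severity=pri & 7)
    return fields


def listen(host: str = "::1", port: int = 5514, count: int = 1) -> list:
    """Receive `count` datagrams on an IPv6-only UDP socket and parse each one."""
    results = []
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        sock.bind((host, port))
        for _ in range(count):
            data, peer = sock.recvfrom(65535)
            try:
                results.append((peer[0], parse_rfc5424(data)))
            except ValueError as exc:
                results.append((peer[0], {"error": str(exc)}))
    return results


# Constructed sample datagrams (not captured from the hosts in the thread).
SAMPLE_5424 = b"<190>1 2018-09-27T16:05:06Z host1 app 1234 - - test message"
SAMPLE_BSD = b"<190>Sep 27 16:05:06 host1 app[1234]: test message"

if __name__ == "__main__":
    for peer, parsed in listen():
        print(peer, parsed)
```

A datagram reported as `not RFC 5424 framing` means the sender is still emitting the legacy BSD format, and a facility other than 23 means the message would not have matched `facility(local7)`.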