[syslog-ng] RFC-5424 configuration with IPV6 is not working

venkateswarlu vinjamuri venkates.vin at gmail.com
Fri Sep 28 09:43:41 UTC 2018


Thanks for your reply,

For *non RFC-5424* format, IPV6 config is as below and is working fine,
with syslog-ng-3.3.7 version
*destination df_remote_0 {udp6("::1");};*
Hence we tried with the below config for RFC-5424 with IPV6:
*destination df_remote_0 {syslog("::1" transport("udp6"));};* and you
mentioned there is no such protocol, which I agree with you.

To let you know that, we have installed latest version of syslog-ng and the
configuration mentioned by you as below is working.
*destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};*
But this same config is not working in syslog-ng-3.3.7 version with
RFC-5424 format and IPV6.

My question is :
*In syslog-ng-3.3.7 version, is RFC-5424 format supported with IPV6?*
*If so, could you please share the config?*

Please share your inputs for the version syslog-ng-3.3.7.

Thanks & Regards,
V/

On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai <peter.kokai at oneidentity.com>
wrote:

> Hello,
>
> I do not really have 3.3.7 version at my hand, so I did not really dig in
> if that version supports or not. Well it seems it is from v3.4.1, for this
> option you have to update at least to that.
>
> I do not see a reason why won't it work, and you could use stuff like
> system() source.
>
> --
> Kokan
>
> On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri <
> venkates.vin at gmail.com> wrote:
>
>> Thanks kokan for your reply,
>>
>> I am getting the below error after making the change as you suggested
>> *destination df_remote_0 {syslog("::1" transport("udp")
>> ip-protocol(6));};*
>>
>> Error:
>> =====
>> Error parsing afsocket, inner-dest plugin ip-protocol not found in
>> /etc/syslog-ng/syslog-ng.conf at line 45, column 78:
>> destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
>>
>> ^^^^^^^^^^^
>> Please suggest.
>>
>> Regards,
>> V/
>>
>> On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai <peter.kokai at oneidentity.com>
>> wrote:
>>
>>> Hello,
>>>
>>> The error message lists the correct transport methods: *please use one
>>> of udp, tcp, or tls;*
>>> There is no such option udp6, you could specify ipv6 via
>>> ip-protocol(4/6)
>>>
>>> All together syslog("::1" transport("udp") ip-protocol(6)); should work.
>>>
>>> --
>>> Kokan
>>>
>>> On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri <
>>> venkates.vin at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> *issue*: syslog-ng is not starting if we configure IPV6 IP along with
>>>> RFC-5424 format
>>>> Using below command to run syslog-ng:
>>>> /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R
>>>> /var/syslog-ng.persist -p /var/syslog-ng.pid
>>>>
>>>> Getting the below error:
>>>> ------------------------------
>>>>
>>>> *syslog-ng: Error changing to Unknown syslog transport specified,
>>>> please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
>>>>
>>>> Could anyone please let me know what should be the configuration in
>>>> syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
>>>>
>>>> we are using syslog-ng-3.3.7 version.
>>>>
>>>> *If the below configuration is correct, will it work if we upgrade to
>>>> newer version with the below configuration?*
>>>>
>>>> I am using the below configuration in syslog-ng.conf:
>>>> ========================================
>>>> options {
>>>>   stats_freq (0);
>>>>   flush_lines (0);
>>>>   time_reopen (10);
>>>>   log_fifo_size (10000);
>>>>   chain_hostnames (off);
>>>>   use_dns (no);
>>>>   create_dirs (no);
>>>>   keep_hostname (no);
>>>>   perm(0640);
>>>>   group("root");
>>>> };
>>>>
>>>>
>>>> # sources
>>>> source s_all {
>>>>  internal();
>>>> unix-stream("/dev/log");
>>>> file("/proc/kmsg" program_override("kernel: "));
>>>>  };
>>>>
>>>>
>>>> filter f_remote { facility(local7); };
>>>> destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx"
>>>> transport("udp6"));};
>>>> log { source(s_all); filter(f_remote); destination(df_remote_0); };
>>>>
>>>> Please help if there is any issue in the above configuration?
>>>>
>>>> Regards,
>>>> V/
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>
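A small receiver for checking what a destination from this thread actually puts on the wire over IPv6 UDP: RFC 5424 headers from syslog(), or the legacy BSD format sent by the udp6() destination. This is an added example, not part of the original thread or of syslog-ng; the port 5514 and all function names are assumptions, and the sample datagrams are constructed.

```python
import re
import socket

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<timestamp>\S+) "
    r"(?P<hostname>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|\[)"
)
LEGACY = re.compile(r"^<(?P<pri>\d{1,3})>")


def classify(datagram: bytes) -> dict:
    """Classify one UDP syslog datagram as rfc5424, legacy (BSD) or unknown."""
    text = datagram.decode("utf-8", errors="replace")
    for name, pattern in (("rfc5424", RFC5424), ("legacy", LEGACY)):
        m = pattern.match(text)
        if m and int(m["pri"]) <= 191:  # PRI = facility * 8 + severity
            pri = int(m["pri"])
            result = {"format": name, "facility": pri >> 3, "severity": pri & 7}
            if name == "rfc5424":
                result["hostname"] = m["hostname"]
            return result
    return {"format": "unknown"}


def listen_once(host="::1", port=5514, timeout=30.0):
    """Receive one datagram on an IPv6 UDP socket; None if nothing arrives."""
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind((host, port))  # assumed unprivileged test port
        try:
            data, peer = sock.recvfrom(65535)
        except socket.timeout:
            return None
        return peer[0], classify(data)


# Constructed samples: local7.info (PRI 190), matching the f_remote filter.
SAMPLE_5424 = b"<190>1 2018-09-28T09:43:41+00:00 host1 app1 1234 - - test"
SAMPLE_LEGACY = b"<190>Sep 28 09:43:41 host1 app1[1234]: test"

if __name__ == "__main__":
    print(classify(SAMPLE_5424))
    print(classify(SAMPLE_LEGACY))
    print(listen_once())  # waits for the first datagram sent to [::1]:5514
```

A result of `legacy` for traffic from a destination that was meant to be RFC 5424 means the receiving side will not see the version, structured-data and ISO timestamp fields it expects.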