[syslog-ng] No remote logging with hostname which has address is IPv6

Laszlo Szemere (lszemere) Laszlo.Szemere at oneidentity.com
Fri Aug 28 11:12:11 UTC 2020


Hello Alex,
 thank you for the output. This part looks good. Unfortunately you have to explicitly enable the IPv6 protocol in the configuration. (Which will indicate that IPv4 will not work simultaneously.)

 Please add: "ip-protocol(6)" to your "d_hostnameIPv6_udp" destination.

destination d_hostnameIPv6_udp {
    syslog("dns6server" transport("udp") port(514) keep-alive(no)
        suppress(5)
        disk-buffer(
            mem-buf-size(2097152)
            disk-buf-size(4194304)
            reliable(yes)
            dir("/tmp")
            ip-protocol(6)
        )
    );
};


Best regards,
Laci

________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos at gmail.com>
Sent: Friday, August 28, 2020 13:06
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] No remote logging with hostname which has address is IPv6

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Hi Laci,
Here it goes:
root at localhost:~# /usr/sbin/syslog-ng -Fvde $SYSLOGNG_OPTS --cfgfile=/etc/syslog-ng/mgmt-syslog-ng.conf --pidfile=/var/lib/syslog-ng/mgmt-syslog-ng.pid --persist-file=/var/lib/syslog-ng/mgmt-syslog-ng.persist --control=/var/lib/syslog-ng/mgmt-syslog-ng.ctl --version
syslog-ng 3 (3.19.1)
Config version: 3.19
Installer-Version: 3.19.1
Revision: 3.19.1-5
Compile-Date: May 19 2019 11:03:30
Module-Directory: /usr/lib/syslog-ng/3.19
Module-Path: /usr/lib/syslog-ng/3.19
Include-Path: /usr/share/syslog-ng/include
Available-Modules: affile,hook-commands,basicfuncs,afuser,csvparser,date,pseudofile,confgen,json-plugin,linux-kmsg-format,cef,system-source,syslogformat,afsql,appmodel,http,kvformat,afprog,afsocket,afmongodb,sdjournal,cryptofuncs,disk-buffer,dbparser
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on

Thanks, Alex

On Fri, Aug 28, 2020 at 11:58 AM Laszlo Szemere (lszemere) <Laszlo.Szemere at oneidentity.com<mailto:Laszlo.Szemere at oneidentity.com>> wrote:
Hello Alex,
 Syslog-ng can be compiled with or without IPv6 support. As a first step please verify if it was compiled that way.

 If you start Syslog-ng with the "--version" option it will print a little debug information about itself. Among other options there will be a line: "Enable-IPv6"

 (If it was compiled with "Enable-IPv6: on", please copy the entire output here. It will help with the later investigation.)

Best regards,
Laci
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu<mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of Alexandre Santos <alexandre.rosas.santos at gmail.com<mailto:alexandre.rosas.santos at gmail.com>>
Sent: Friday, August 28, 2020 12:35
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Subject: [syslog-ng] No remote logging with hostname which has address is IPv6

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Hi,

I have configuration, which is sending log messages to a remote hostname (dns6server). The particularity of this remote server is that it is resolved to an IPv6 address.

ping works fine:
root at localhost:~# ping dns6server -c 3
PING dns6server(2620:38:4::8:4000:238) 56 data bytes
64 bytes from 2620:38:4::8:4000:238: icmp_seq=1 ttl=63 time=0.354 ms
64 bytes from 2620:38:4::8:4000:238: icmp_seq=2 ttl=63 time=0.264 ms
64 bytes from 2620:38:4::8:4000:238: icmp_seq=3 ttl=63 time=0.310 ms

But syslog-ng seems not to be able to resolve the ipv6 address:

Aug 27 20:58:37 localhost systemd[1]: mgmt-syslog-ng.service: Succeeded.

Aug 27 20:58:37 localhost systemd[1]: Stopped External Logger Daemon.

Aug 27 20:58:37 localhost systemd[1]: Starting External Logger Daemon...

Aug 27 20:58:37 localhost ip[32709]: [2020-08-27T20:58:37.841389] WARNING: With use-dns(no), dns-cache() will be forced to 'no' too!;

Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854714] Error resolving hostname; host='dns6server'

Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854758] Initiating connection failed, reconnecting; time_reopen='60'

Aug 27 20:58:46 localhost systemd[1]: Started External Logger Daemon.


Any Ideas?


I am sending the configuration and debug log in attachment.


Thanks in Advance,

Alex

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=vmrCsyOtbaTHBGJ%2BpNscXIihsumvePhcmSmAelRZQ0s%3D&reserved=0>
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=5M87v3dv77VOtDJ791Odg1lel5b6E3Cr4bnVB4ZG5Go%3D&reserved=0>
FAQ: http://www.balabit.com/wiki/syslog-ng-faq<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=kiMZ9Tymaun06gdFnWgUkUr6P6FXim9H2NsqQnBtLxs%3D&reserved=0>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200828/b0872b24/attachment.html>


More information about the syslog-ng mailing list