[syslog-ng] No remote logging with hostname which has address is IPv6

Alexandre Santos alexandre.rosas.santos at gmail.com
Fri Aug 28 14:55:15 UTC 2020 

Hi Laci,
>From I debugged watching tcpdumps of DNS and compared with other
applications, syslog-ng is sending DNS AAAA query, only if ip-protocol(6)
option is set.
Is this going to be changed (fixed) in future versions?
Thanks & Regards,
Alex

On Fri, Aug 28, 2020 at 12:12 PM Laszlo Szemere (lszemere) <
Laszlo.Szemere at oneidentity.com> wrote:

> Hello Alex,
>  thank you for the output. This part looks good. Unfortunately you have
> to explicitly enable the IPv6 protocol in the configuration. (Which will
> indicate that IPv4 will not work simultaneously.)
>
>  Please add: "ip-protocol(6)" to your "d_hostnameIPv6_udp" destination.
>
> destination d_hostnameIPv6_udp {
>     syslog("dns6server" transport("udp") port(514) keep-alive(no)
>         suppress(5)
>         disk-buffer(
>             mem-buf-size(2097152)
>             disk-buf-size(4194304)
>             reliable(yes)
>             dir("/tmp")
>             ip-protocol(6)
>         )
>     );
> };
>
>
> Best regards,
> Laci
>
> ------------------------------
> *From:* syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
> Alexandre Santos <alexandre.rosas.santos at gmail.com>
> *Sent:* Friday, August 28, 2020 13:06
> *To:* Syslog-ng users' and developers' mailing list <
> syslog-ng at lists.balabit.hu>
> *Subject:* Re: [syslog-ng] No remote logging with hostname which has
> address is IPv6
>
> CAUTION: This email originated from outside of the organization. Do not
> follow guidance, click links, or open attachments unless you recognize the
> sender and know the content is safe.
>
> Hi Laci,
> Here it goes:
> root at localhost:~# /usr/sbin/syslog-ng -Fvde $SYSLOGNG_OPTS
> --cfgfile=/etc/syslog-ng/mgmt-syslog-ng.conf
> --pidfile=/var/lib/syslog-ng/mgmt-syslog-ng.pid
> --persist-file=/var/lib/syslog-ng/mgmt-syslog-ng.persist
> --control=/var/lib/syslog-ng/mgmt-syslog-ng.ctl --version
> syslog-ng 3 (3.19.1)
> Config version: 3.19
> Installer-Version: 3.19.1
> Revision: 3.19.1-5
> Compile-Date: May 19 2019 11:03:30
> Module-Directory: /usr/lib/syslog-ng/3.19
> Module-Path: /usr/lib/syslog-ng/3.19
> Include-Path: /usr/share/syslog-ng/include
> Available-Modules:
> affile,hook-commands,basicfuncs,afuser,csvparser,date,pseudofile,confgen,json-plugin,linux-kmsg-format,cef,system-source,syslogformat,afsql,appmodel,http,kvformat,afprog,afsocket,afmongodb,sdjournal,cryptofuncs,disk-buffer,dbparser
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: on
> Enable-TCP-Wrapper: on
> Enable-Linux-Caps: on
> Enable-Systemd: on
>
> Thanks, Alex
>
> On Fri, Aug 28, 2020 at 11:58 AM Laszlo Szemere (lszemere) <
> Laszlo.Szemere at oneidentity.com> wrote:
>
> Hello Alex,
>  Syslog-ng can be compiled with or without IPv6 support. As a first step
> please verify if it was compiled that way.
>
>  If you start Syslog-ng with the "--version" option it will print a little
> debug information about itself. Among other options there will be a line:
> "Enable-IPv6"
>
>  (If it was compiled with "Enable-IPv6: on", please copy the entire output
> here. It will help with the later investigation.)
>
> Best regards,
> Laci
> ------------------------------
> *From:* syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
> Alexandre Santos <alexandre.rosas.santos at gmail.com>
> *Sent:* Friday, August 28, 2020 12:35
> *To:* Syslog-ng users' and developers' mailing list <
> syslog-ng at lists.balabit.hu>
> *Subject:* [syslog-ng] No remote logging with hostname which has address
> is IPv6
>
> CAUTION: This email originated from outside of the organization. Do not
> follow guidance, click links, or open attachments unless you recognize the
> sender and know the content is safe.
>
> Hi,
>
> I have configuration, which is sending log messages to a remote hostname
> (dns6server). The particularity of this remote server is that it is
> resolved to an IPv6 address.
>
> ping works fine:
> root at localhost:~# ping dns6server -c 3
> PING dns6server(2620:38:4::8:4000:238) 56 data bytes
> 64 bytes from 2620:38:4::8:4000:238: icmp_seq=1 ttl=63 time=0.354 ms
> 64 bytes from 2620:38:4::8:4000:238: icmp_seq=2 ttl=63 time=0.264 ms
> 64 bytes from 2620:38:4::8:4000:238: icmp_seq=3 ttl=63 time=0.310 ms
>
> But syslog-ng seems not to be able to resolve the ipv6 address:
>
> Aug 27 20:58:37 localhost systemd[1]: mgmt-syslog-ng.service: Succeeded.
>
> Aug 27 20:58:37 localhost systemd[1]: Stopped External Logger Daemon.
>
> Aug 27 20:58:37 localhost systemd[1]: Starting External Logger Daemon...
>
> Aug 27 20:58:37 localhost ip[32709]: [2020-08-27T20:58:37.841389] WARNING:
> With use-dns(no), dns-cache() will be forced to 'no' too!;
>
> Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854714] Error
> resolving hostname; host='dns6server'
>
> Aug 27 20:58:46 localhost ip[32709]: [2020-08-27T20:58:46.854758]
> Initiating connection failed, reconnecting; time_reopen='60'
>
> Aug 27 20:58:46 localhost systemd[1]: Started External Logger Daemon.
>
>
> Any Ideas?
>
>
> I am sending the configuration and debug log in attachment.
>
>
> Thanks in Advance,
>
> Alex
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=vmrCsyOtbaTHBGJ%2BpNscXIihsumvePhcmSmAelRZQ0s%3D&reserved=0>
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=5M87v3dv77VOtDJ791Odg1lel5b6E3Cr4bnVB4ZG5Go%3D&reserved=0>
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7C4370da7bbe7c46ec493b08d84b426c29%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637342095943843156&sdata=kiMZ9Tymaun06gdFnWgUkUr6P6FXim9H2NsqQnBtLxs%3D&reserved=0>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200828/66ec8799/attachment.html>

More information about the syslog-ng mailing list