[syslog-ng] syslog-ng version 26.1 running in a docker image from docker hub (balabit/syslog-ng)

Martin, Uwe uwe.martin at festo.com
Tue Dec 1 17:36:29 UTC 2020


Hello Laci,

thanks for your support and sorry for the delay.
After some debugging and installing the old version 3.5.6 on the host again, which was also not working, I found the problem in the secondary IP address we used on the host. After removing the secondary address, syslog-ng is working again without a problem. At the moment we will use this old version, but I will try to use the docker version on a test system to check if it works again and we can use the new features of the 3.29 version.

Thanks again and kind regards

Kind regards

Uwe

From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On behalf of Laszlo Szemere (lszemere)
Sent: Friday, 13 November 2020 12:04
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] syslog-ng version 26.1 running in a docker image from docker hub (balabit/syslog-ng)


Hello Uwe,

 first of all: thank you for sharing your config and exact Syslog-ng versions. It helps a lot.

 At first look I cannot see any problem with your config. However, there were a lot of changes between version 3.5.6 and 3.26.1. (You might want to take a look at "cisco-parser()".)


 If you suspect this is a filter problem, may I suggest starting Syslog-ng in a debug mode? example: https://github.com/balabit/syslog-ng-docker/issues/58#issuecomment-680674916
 In this case you should see messages like:

    >>>>>> filter rule evaluation begin; rule='foobar', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c40'
    <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='foobar', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c40'


If this does not help in finding the problematic filter, I might need some example logs to trace down any parsing issues.



Best regards,
Laci
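
The debug-mode check suggested above can be summarized per filter rule. This is an added example, not part of the original thread or of syslog-ng itself: it parses the `filter rule evaluation result` trace lines quoted in the mail and lists rules that never matched. The rule name `f_example`, its location and the wording of the MATCH result are constructed assumptions.

```python
import re
from collections import Counter

RESULT_RE = re.compile(r"filter rule evaluation result;(.*)$")
FIELD_RE = re.compile(r"(\w+)='([^']*)'")

# Constructed sample: the first two lines are the ones quoted in the mail; the
# others (rule 'f_example', the MATCH wording) are made up for illustration.
SAMPLE = """\
>>>>>> filter rule evaluation begin; rule='foobar', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c40'
<<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='foobar', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c40'
<<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='foobar', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c80'
<<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_example', location='/conf/syslog-ng.conf:20:16', msg='0x7efd38015c80'
<<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_example', location='/conf/syslog-ng.conf:20:16', msg='0x7efd38015cc0'
""".splitlines()

def parse_result(line):
    """Return the key='value' fields of a filter result line, or None."""
    m = RESULT_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(1)))
    return fields if {"rule", "result"} <= fields.keys() else None

def summarize(lines):
    """Count matched/dropped evaluations per (rule, location)."""
    stats = {}
    for line in lines:
        fields = parse_result(line)
        if fields is None:
            continue  # "evaluation begin" lines and unrelated debug output
        key = (fields["rule"], fields.get("location", "?"))
        outcome = "dropped" if fields["result"].startswith("UNMATCHED") else "matched"
        stats.setdefault(key, Counter())[outcome] += 1
    return stats

def never_matching(stats):
    """Rules that dropped every message they evaluated: the first place to look."""
    return sorted((rule, loc, c["dropped"]) for (rule, loc), c in stats.items()
                  if c["matched"] == 0)

if __name__ == "__main__":
    import sys
    # Pipe captured debug output in, or run without input to use the sample.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for rule, loc, n in never_matching(summarize(lines)):
        print(f"{rule} at {loc}: dropped all {n} evaluated messages")
```

A filter that drops some messages is normal; one that never matches after an upgrade is the candidate for a changed parser or macro behaviour.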






________________________________
From: syslog-ng on behalf of Martin, Uwe
Sent: Friday, November 13, 2020 11:15
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] syslog-ng version 26.1 running in a docker image from docker hub (balabit/syslog-ng)



Hello,



We have a problem after an upgrade from syslog-ng version 3.5.6 to version 26.1 in a docker container.

    CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS               NAMES
    d8c8c3380a71        balabit/syslog-ng:3.26.1   "/usr/sbin/syslog-..."   About an hour ago   Up About an hour



Now not all logs from the devices are seen, and forwarding to another log gateway is also not working. With tcpdump I see the packets on the interface. It seems some filter will not work. I add our config. Does anybody have an idea how to troubleshoot or fix this problem?



Kind regards



Uwe




