[syslog-ng] syslog-ng version 26.1 running in a docker image from docker hub (balabit/syslog-ng)

Laszlo Szemere (lszemere) Laszlo.Szemere at oneidentity.com
Fri Nov 13 11:04:22 UTC 2020


Hello Uwe,

First of all: thank you for sharing your config and exact syslog-ng versions. It helps a lot.

At first look I cannot see any problem with your config. However, there were a lot of changes between version 3.5.6 and 3.26.1 (you might want to take a look at "cisco-parser()").


If you suspect this is a filter problem, may I suggest starting syslog-ng in debug mode? Example: https://github.com/balabit/syslog-ng-docker/issues/58#issuecomment-680674916
In this case you should see messages like:

    >>>>>> filter rule evaluation begin; rule='foobar', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c40'
    <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='foobar', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c40'


If this does not help in finding the problematic filter, I might need some example logs to track down any parsing issues.



Best regards,
Laci
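
Added example (not part of the original message, and not syslog-ng project code): a small Python script that reads debug output in the format quoted above and tallies, per filter rule and config location, how often messages matched or were dropped, so the filter that never matches stands out. The sample lines, the rule names f_cisco and f_fw, and the wording of the MATCH result are assumptions; only the UNMATCHED line format comes from the message.

```python
import re
import sys
from collections import Counter, defaultdict

# Constructed sample in the format quoted in the reply. The rule names and the
# wording of the MATCH result are assumptions; only the UNMATCHED line is on the page.
SAMPLE = """\
>>>>>> filter rule evaluation begin; rule='f_cisco', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c40'
<<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_cisco', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38015c40'
>>>>>> filter rule evaluation begin; rule='f_fw', location='/conf/syslog-ng.conf:21:14', msg='0x7efd38015c40'
<<<<<< filter rule evaluation result; result='MATCH - Forwarding message to the next LogPipe', rule='f_fw', location='/conf/syslog-ng.conf:21:14', msg='0x7efd38015c40'
<<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_cisco', location='/conf/syslog-ng.conf:15:16', msg='0x7efd38016d80'
<<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_fw', location='/conf/syslog-ng.conf:21:14', msg='0x7efd38016d80'
"""

RESULT_RE = re.compile(r"filter rule evaluation result;(.*)$")
PAIR_RE = re.compile(r"(\w+)='([^']*)'")


def parse_result(line):
    """Return the key='value' fields of a result line, or None for other lines."""
    m = RESULT_RE.search(line)
    return dict(PAIR_RE.findall(m.group(1))) if m else None


def summarize(lines):
    """Count matched/unmatched verdicts per (rule, location)."""
    stats = defaultdict(Counter)
    for line in lines:
        fields = parse_result(line)
        if not fields or "rule" not in fields or "result" not in fields:
            continue
        verdict = "unmatched" if fields["result"].startswith("UNMATCHED") else "matched"
        stats[(fields["rule"], fields.get("location", "?"))][verdict] += 1
    return stats


def never_matching(stats):
    """Filters that dropped every message they evaluated: the first ones to inspect."""
    return sorted(k for k, c in stats.items() if c["unmatched"] and not c["matched"])


if __name__ == "__main__":
    # Pipe real debug output on stdin, or run without input to use the sample.
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    stats = summarize(lines)
    for (rule, loc), c in sorted(stats.items()):
        print(f"{rule:12} {loc:30} matched={c['matched']} unmatched={c['unmatched']}")
    print("never matched:", never_matching(stats))
```

The location field is file:line:column in the configuration, so a rule listed under "never matched" points directly at the filter statement to review.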






________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Martin, Uwe <uwe.martin at festo.com>
Sent: Friday, November 13, 2020 11:15
To: syslog-ng at lists.balabit.hu <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] syslog-ng version 26.1 running in a docker image from docker hub (balabit/syslog-ng)


Hello,



We have a problem after an upgrade from syslog-ng version 3.5.6 to version 26.1 in a docker container.

CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS               NAMES

d8c8c3380a71        balabit/syslog-ng:3.26.1   "/usr/sbin/syslog-..."   About an hour ago   Up About an hour



Now not all logs from the devices are seen and forwarding to another log gateway is also not working. With tcpdump I see the packets on the interface. It seems some filter will not work. I add our config. Does anybody have an idea how to troubleshoot or fix this problem?



Kind regards



Uwe




