I am using a centralised syslog-ng loghost to collect logs and syslog-ng on some of the clients.
On one particular client, running syslog-ng on Devil Linux, syslog entries are sent (confirmed with tcpdump) with the following format:
DATE local@hostname MESSAGE
where local is the name of the source from the config file:
source local { file("/proc/kmsg" program_override("kernel: ")); unix-stream("/dev/log" max-connections(1000)); internal(); };
log { source(local); destination(console); };
None of the other syslog-ng hosts do this, although most are CentOS 5.4 running syslog-ng 2.1.4, whereas this is syslog-ng version 3.05.
Does anyone know why this is happening and how to stop it?
EDIT: Full config file
@version: 3.0
#####################################################################
# define options for syslog
#####################################################################
options { long_hostnames(on); flush_lines(0); time_reopen(60); use_dns (no); };
#####################################################################
# define the source pipe for all local messages
#####################################################################
source local { file("/proc/kmsg" program_override("kernel: ")); unix-stream("/dev/log" max-connections(1000)); internal(); };
#####################################################################
# print all messages on tty10
#####################################################################
destination console { file("/dev/tty10"); };
log { source(local); destination(console); };
#####################################################################
# send all messages to the loghost
#####################################################################
destination loghost {
udp("192.168.45.15" port (514)) ;
};
log { source(local); destination(loghost); };
#####################################################################
# send all messages to /var/log/messages
#####################################################################
#destination logfile { file("/var/log/messages"); };
#log { source(src); destination(logfile); };
#####################################################################
# END
#####################################################################
Normally, the "local@localhost" string is a result of either one of these config options:
I can't remember exactly if this one more option is involved:
Please update your question with full config file.
EDIT: seems like long_hostnames(on) is at fault. Surely, some of the syslog-ng options are not only misnamed, but also very poorly documented. I've tried to re-engineer this mess and I've put the results here at FQDNs during migration from syslogd to syslog-ng
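Added example, not part of the original question or answer: a loghost-side check that finds which clients still send the `source@hostname` form described in the question and normalises the host field so those entries correlate with the same machine's other records. The line layout (`Mmm dd hh:mm:ss HOST MESSAGE`), the function names and the sample hostnames `fw1` and `web1` are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed BSD-syslog style layout as stored on the loghost:
#   "Mmm dd hh:mm:ss HOST MESSAGE"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<msg>.*)$"
)

def split_host(field):
    """Split 'source@hostname' into (source, hostname).
    Returns (None, field) when the field has no source prefix."""
    source, sep, host = field.rpartition("@")
    if sep and source and host:
        return source, host
    return None, field

def normalise(line):
    """Parse one stored line; return a dict with the bare hostname,
    or None if the line does not match the assumed layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    source, host = split_host(m["host"])
    return {"ts": m["ts"], "host": host, "source": source, "msg": m["msg"]}

def chained_senders(lines):
    """Count lines per (source, hostname) that arrived in source@hostname form."""
    counts = Counter()
    for line in lines:
        rec = normalise(line)
        if rec is not None and rec["source"] is not None:
            counts[(rec["source"], rec["host"])] += 1
    return counts

# Constructed sample lines (not taken from the page).
SAMPLE = [
    "Mar  3 10:15:01 local@fw1 kernel: eth0: link up",
    "Mar  3 10:15:02 web1 sshd[812]: Accepted publickey for admin",
    "Mar  3 10:15:03 local@fw1 syslog-ng[101]: syslog-ng starting up",
    "garbage line",
]

if __name__ == "__main__":
    for (source, host), n in chained_senders(SAMPLE).items():
        print(f"{host}: {n} line(s) prefixed with source '{source}@'")
```

Clients reported by `chained_senders` are the ones whose syslog-ng options still need changing; the normalised `host` value can be used for correlation in the meantime.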