[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: Re: [syslog-ng] RFC-5424 configuration with IPV6 is not working
From: Péter, Kókai <peter.kokai () oneidentity ! com>
Date: 2018-09-29 10:03:42
Message-ID: CABxQCpjVAzoPefREEDd98Dz568tdxMvtwzWGwT-YqLRRaU5h5w () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello,
Sorry to keep you hanging there. You could use *template* to get any kind
of format you want, but for syslog there is also a flags option. Simply
udo6( ... flags(syslog-protocol)); should be the same as syslog(...);
--
Kokan
On Sat, Sep 29, 2018 at 3:16 AM venkateswarlu vinjamuri <
venkates.vin@gmail.com> wrote:
> HI Kokan,
> Could you please let me the info for my previous email?
>
>
> Regards,
> V/
>
> On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu vinjamuri <
> venkates.vin@gmail.com> wrote:
>
>> Thanks for your reply,
>>
>> For *non RFC-5424* format, IPV6 config is as below and is working fine,
>> with syslog-ng-3.3.7 version
>> *destination df_remote_0 {udp6("::1");};*
>> Hence we tried with the below config for RFC-5424 with IPV6:
>> *destination df_remote_0 {syslog("::1**" transport("udp6"));};* and you
>> mentioned there is no such protocol, which I agree with you.
>>
>> To let you know that, we have installed latest version of syslog-ng and
>> the configuration mentioned by you as below is working.
>> *destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};*
>> But this same config is not working in syslog-ng-3.3.7 verision with
>> RFC-5424.format and IPV6.
>>
>> My question is :
>> *In syslog-ng-3.3.7 version, does RFC-5424 format supported with IPV6 ?*
>> *If so could you please share the config ?*
>>
>> Please share you inputs for the version syslog-ng-3.3.7.?
>>
>> Thanks & Regards,
>> V/
>>
>> On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai <peter.kokai@oneidentity.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I do not really have 3.3.7 version at my hand, so I did not really dig
>>> in if that version supports or not. Well it seems it is from v3.4.1, for
>>> this option you have to update at least to that.
>>>
>>> I do not see a reason why won't it work, and you could use stuff like
>>> system() source.
>>>
>>> --
>>> Kokan
>>>
>>> On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu vinjamuri <
>>> venkates.vin@gmail.com> wrote:
>>>
>>>> Thanks kokan for your reply,
>>>>
>>>> I am getting the below error after making the change as you suggested
>>>> *destination df_remote_0 {syslog("::1" transport("udp")
>>>> ip-protocol(6));};*
>>>>
>>>> Error:
>>>> =====
>>>> Error parsing afsocket, inner-dest plugin ip-protocol not found in
>>>> /etc/syslog-ng/syslog-ng.conf at line 45, column 78:
>>>> destination df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};
>>>>
>>>> ^^^^^^^^^^^
>>>> Please suggest.
>>>>
>>>> Regards,
>>>> V/
>>>>
>>>> On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai <
>>>> peter.kokai@oneidentity.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> The error message lists the correct transport methods: *please use one
>>>>> of udp, tcp, or tls;*
>>>>> There is no such option udp6, you could use specify ipv6 via
>>>>> ip-protocol(4/6)
>>>>>
>>>>> All together syslog("::1" transport("udp") ip-protocol(6)); should
>>>>> work.
>>>>>
>>>>> --
>>>>> Kokan
>>>>>
>>>>> On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu vinjamuri <
>>>>> venkates.vin@gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> *issue*: syslog-ng is not starting if we configure IPV6 IP along
>>>>>> with RFC-5424 format
>>>>>> Using below command to run syslog-ng:
>>>>>> /sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R
>>>>>> /var/syslog-ng.persist -p /var/syslog-ng.pid
>>>>>>
>>>>>> Getting the below error:
>>>>>> ------------------------------
>>>>>>
>>>>>> *syslog-ng: Error changing to Unknown syslog transport specified,
>>>>>> please use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
>>>>>>
>>>>>> Could anyone please let me know what should be the configuration in
>>>>>> syslog-ng.conf for IPV6 syslog-ng server IP with RFC-5424 format.
>>>>>>
>>>>>> we are using syslog-ng-3.3.7 version.
>>>>>>
>>>>>> *If the below configuration is correct, will it work if we upgrade to
>>>>>> newer version with the below configuration?*
>>>>>>
>>>>>> I am using the below configuration in syslog-ng.conf:
>>>>>> ========================================
>>>>>> options {
>>>>>> stats_freq (0);
>>>>>> flush_lines (0);
>>>>>> time_reopen (10);
>>>>>> log_fifo_size (10000);
>>>>>> chain_hostnames (off);
>>>>>> use_dns (no);
>>>>>> create_dirs (no);
>>>>>> keep_hostname (no);
>>>>>> perm(0640);
>>>>>> group("root");
>>>>>> };
>>>>>>
>>>>>>
>>>>>> # sources
>>>>>> source s_all {
>>>>>> internal();
>>>>>> unix-stream("/dev/log");
>>>>>> file("/proc/kmsg" program_override("kernel: "));
>>>>>> };
>>>>>>
>>>>>>
>>>>>> filter f_remote { facility(local7); };
>>>>>> destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx"
>>>>>> transport("udp6"));};
>>>>>> log { source(s_all); filter(f_remote); destination(df_remote_0
>>>>>>
>>>>>> Please help if there is any issue in the above configuration?
>>>>>>
>>>>>> Regards,
>>>>>> V/
>>>>>>
>>>>>> ______________________________________________________________________________
>>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>>> Documentation:
>>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>>
>>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation:
>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>
>>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
[Attachment #5 (text/html)]
<div dir="ltr">Hello,<div><br></div><div>Sorry to keep you hanging there. You could \
use *template* to get any kind of format you want, but for syslog there is also a \
flags option. Simply udo6( ... flags(syslog-protocol)); should be the same as \
syslog(...);</div><div><br></div><div><br></div><div>--</div><div>Kokan</div></div><br><div \
class="gmail_quote"><div dir="ltr">On Sat, Sep 29, 2018 at 3:16 AM venkateswarlu \
vinjamuri <<a href="mailto:venkates.vin@gmail.com">venkates.vin@gmail.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>HI \
Kokan,</div><div>Could you please let me the info for my previous email? \
</div><div><br></div><div><br></div><div>Regards,<br>V/<br></div></div><br><div \
class="gmail_quote"><div dir="ltr">On Fri, Sep 28, 2018 at 3:13 PM venkateswarlu \
vinjamuri <<a href="mailto:venkates.vin@gmail.com" \
target="_blank">venkates.vin@gmail.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div dir="ltr"><div>Thanks for your reply,</div><div><br></div><div>For \
<b>non RFC-5424</b> format, IPV6 config is as below and is working fine, with \
syslog-ng-3.3.7 version </div><div><b>destination df_remote_0 {<font \
style="background-color:rgb(255,255,0)">udp6</font>("::1");};</b></div><div>Hence \
we tried with the below config for RFC-5424 with IPV6:</div><div><span \
style="text-align:left;color:rgb(34,34,34);text-transform:none;line-height:19.99px;tex \
t-indent:0px;letter-spacing:normal;font-family:Arial,Helvetica,sans-serif;font-size:13 \
.33px;font-style:normal;font-variant:normal;text-decoration:none;word-spacing:0px;disp \
lay:inline;white-space:normal;font-size-adjust:none;font-stretch:100%;float:none;background-color:transparent"><b>destination \
df_remote_0 {syslog("::1</b></span><span style="font:400 13.33px/19.99px \
Arial,Helvetica,sans-serif;text-align:left;color:rgb(34,34,34);text-transform:none;tex \
t-indent:0px;letter-spacing:normal;text-decoration:none;word-spacing:0px;display:inlin \
e;white-space:normal;font-size-adjust:none;font-stretch:100%;float:none;background-color:transparent"><b>" \
transport("<font \
style="background-color:rgb(255,255,0)">udp6</font>"));};</b> and you mentioned \
there is no such protocol, which I agree with \
you.</span><br></div><div><b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br></div><div>To \
let you know that, we have installed latest version of syslog-ng and the \
configuration mentioned by you as below is working.</div><div><span \
style="text-align:left;color:rgb(34,34,34);text-transform:none;line-height:19.99px;tex \
t-indent:0px;letter-spacing:normal;font-family:Arial,Helvetica,sans-serif;font-size:13 \
.33px;font-style:normal;font-variant:normal;text-decoration:none;word-spacing:0px;disp \
lay:inline;white-space:normal;font-size-adjust:none;font-stretch:100%;float:none;background-color:transparent"><b>destination \
df_remote_0 {syslog(":1" transport("udp") \
ip-protocol(6));};</b></span></div><div><span style="font:400 13.33px/19.99px \
Arial,Helvetica,sans-serif;text-align:left;color:rgb(34,34,34);text-transform:none;tex \
t-indent:0px;letter-spacing:normal;text-decoration:none;word-spacing:0px;display:inlin \
e;white-space:normal;font-size-adjust:none;font-stretch:100%;float:none;background-color:transparent">But \
this same config is not working in syslog-ng-3.3.7 verision with RFC-5424.format and \
IPV6.</span></div><div><br></div><div>My question is :</div><div><b>I<span \
style="text-align:left;color:rgb(34,34,34);text-transform:none;line-height:19.99px;tex \
t-indent:0px;letter-spacing:normal;font-family:Arial,Helvetica,sans-serif;font-size:13 \
.33px;font-style:normal;font-variant:normal;text-decoration:none;word-spacing:0px;disp \
lay:inline;white-space:normal;font-size-adjust:none;font-stretch:100%;float:none;background-color:transparent">n \
syslog-ng-3.3.7 version, does RFC-5424 format supported with IPV6 \
?</span></b></div><div><b><span \
style="text-align:left;color:rgb(34,34,34);text-transform:none;line-height:19.99px;tex \
t-indent:0px;letter-spacing:normal;font-family:Arial,Helvetica,sans-serif;font-size:13 \
.33px;font-style:normal;font-variant:normal;text-decoration:none;word-spacing:0px;disp \
lay:inline;white-space:normal;font-size-adjust:none;font-stretch:100%;float:none;background-color:transparent">If \
so could you please share the config \
?</span></b></div><div><b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><b></b><b></b><br></div><div>Please \
share you inputs for the version \
syslog-ng-3.3.7.?</div><div><b></b><i></i><u></u><sub></sub><sup></sup><strike></strik \
e><b></b><i></i><u></u><sub></sub><sup></sup><strike></strike><br></div><div>Thanks \
& Regards,</div><div>V/</div></div></div></div></div></div><br><div \
class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 9:35 PM Péter, Kókai \
<<a href="mailto:peter.kokai@oneidentity.com" \
target="_blank">peter.kokai@oneidentity.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>I do not really have \
3.3.7 version at my hand, so I did not really dig in if that version supports or not. \
Well it seems it is from v3.4.1, for this option you have to update at least to \
that.</div><div><br></div><div>I do not see a reason why won't it work, and you \
could use stuff like system() \
source.</div><div><br></div><div>--</div><div>Kokan</div></div><br><div \
class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 5:44 PM venkateswarlu \
vinjamuri <<a href="mailto:venkates.vin@gmail.com" \
target="_blank">venkates.vin@gmail.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Thanks \
kokan for your reply,</div><div><br></div><div>I am getting the below error after \
making the change as you suggested</div><div><b>destination df_remote_0 \
{syslog("::1" transport("udp") \
ip-protocol(6));};</b></div><div><b></b><br></div><div>Error:</div><div>=====</div><div>Error \
parsing afsocket, inner-dest plugin ip-protocol not found in \
/etc/syslog-ng/syslog-ng.conf at line 45, column 78:</div><div>destination \
df_remote_0 {syslog(":1" transport("udp") ip-protocol(6));};<br> \
^^^^^^^^^^^<br>Please \
suggest.</div><div><br></div><div>Regards,</div><div>V/</div></div></div></div><br><div \
class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 7:56 PM Péter, Kókai \
<<a href="mailto:peter.kokai@oneidentity.com" \
target="_blank">peter.kokai@oneidentity.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Hello,<br><br>The error message lists the \
correct transport methods: *please use one of udp, tcp, or tls;* <br><div>There is \
no such option udp6, you could use specify ipv6 via \
ip-protocol(4/6)</div><div><br></div><div>All together syslog("::1" \
transport("udp") ip-protocol(6)); should \
work.</div><div><br></div><div>--</div><div>Kokan</div></div><br><div \
class="gmail_quote"><div dir="ltr">On Thu, Sep 27, 2018 at 4:09 PM venkateswarlu \
vinjamuri <<a href="mailto:venkates.vin@gmail.com" \
target="_blank">venkates.vin@gmail.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div>Hi,</div><div><br></div><div><font \
style="background-color:rgb(255,255,0)"><b>issue</b>: syslog-ng is not starting if we \
configure IPV6 IP along with RFC-5424 format</font></div><div><font \
style="background-color:rgb(255,242,204)">Using below command to run \
syslog-ng:</font></div><div><font style="background-color:rgb(208,224,227)"><font \
style="background-color:rgb(255,242,204)"></font>/sbin/syslog-ng -f \
/etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist -p \
/var/syslog-ng.pid</font><font \
style="background-color:rgb(255,255,0)"><br><div><br></div><div>Getting the below \
error:</div><div>------------------------------</div><div><b>syslog-ng: Error \
changing to <br>Unknown syslog transport specified, please use one of udp, tcp, or \
tls; transport='udp6', \
id='df_remote_0#0'</b></div><div><b></b><br></div></font></div><div>Could \
anyone please let me know what should be the configuration in syslog-ng.conf for IPV6 \
syslog-ng server IP with RFC-5424 format.</div><div><br></div><div>we are using \
syslog-ng-3.3.7 version.</div><div><br></div><div><b>If the below configuration is \
correct, will it work if we upgrade to newer version with the below \
configuration?</b><br></div><div></div><div><br></div><div>I am using the below \
configuration in syslog-ng.conf:</div><div>========================================</div><div>options \
{<br> stats_freq (0);<br> flush_lines (0);<br> time_reopen (10);<br> \
log_fifo_size (10000);<br> chain_hostnames (off);<br> use_dns (no);<br> \
create_dirs (no);<br> keep_hostname (no);<br> perm(0640);<br> \
group("root");<br>};<br><br></div><div><br></div><div># \
sources<br></div><div>source s_all {</div><div> internal(); \
</div><div>unix-stream("/dev/log"); </div><div>file("/proc/kmsg" \
program_override("kernel: "));</div><div> \
};<br><br></div><div><br></div><div>filter f_remote { facility(local7); \
};<br></div><div>destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx" \
transport("udp6"));};<br>log { source(s_all); filter(f_remote); \
destination(df_remote_0</div><div><br></div><div>Please help if there is any issue in \
the above configuration?</div><div><br></div><div>Regards,</div><div>V/</div></div></div></div></div></div></div></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
</blockquote></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
</blockquote></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
</blockquote></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
</blockquote></div>
</blockquote></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
</blockquote></div>
[Attachment #6 (text/plain)]
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic