[rsyslog] more 5.1.3 errors (fwd)
david at lang.hm
Thu Aug 20 11:51:04 CEST 2009
On Thu, 20 Aug 2009, Rainer Gerhards wrote:
> David,
>
> some more comments...
>
>> <175>Aug 1 00:39:22 172.20.254.6 ^A
>> MSWinEventLog^I1^ISecurity^I343780121^IFri
>> Jul 31 18:20:25 2009^I538^ISecurity^Idataman^IUser^ISuccess
>> Audit^IOPSMON01^ILogon/Logoff^I^Idataman^I343777243
>>
>> 192.168.210.245 172.20.254.6 ^A
>
> provided that 192.168.210.245 is the correct sender address as seen by the
> receiver (NAT?), this message looks good (^A actually is the tag, even though
> the sender has probably not intended it to be a tag...)
yes it is.
in retrospect I should have only shown bad messages. unfortunately I just
did a tail of all of the files, checked that they included errors and sent
them all.
part of my reasoning was to show that I can't see any difference between
messages that work and ones that don't.
>>
>>
>>
>> an example of the second problem is log entries like this
>>
>> <29>Jul 31 21:33:39 methane1d-b plug-gw[13212]: connect host=
>> /192.168.243.38
>> destination=179.50.100.130/11074
>>
>> 192.168.210.245 192.168.210.245 methane1d-b
>>
>>
>> the problem is that the log file on the .245 box (which logs *.* to
>> messages)
>> doesn't show anything like this, and the methane1d-b box doesn't have any
>> networks in common with the .245 box
>
> I don't get any grip on this. Would it be possible to provide (privately)
> debug log files for this processing? I have really a hard time figuring out
> what's going on there, and I am not sure if some unprintable characters are
> part of the picture. Only the debug log will show me that...
I will see what I can do. I'm home sick for the rest of the week, so I
don't know how much I'll be able to test anything.
David Lang