[rsyslog] more 5.1.3 errors (fwd)

Rainer Gerhards rgerhards at hq.adiscon.com
Thu Aug 20 11:35:58 CEST 2009


David,

Some more comments...

> <175>Aug  1 00:39:22 172.20.254.6 ^A
> MSWinEventLog^I1^ISecurity^I343780121^IFri
> Jul 31 18:20:25 2009^I538^ISecurity^Idataman^IUser^ISuccess
> Audit^IOPSMON01^ILogon/Logoff^I^Idataman^I343777243
> 
> 192.168.210.245 172.20.254.6 ^A

Provided that 192.168.210.245 is the correct sender address as seen by the
receiver (NAT?), this message looks good (^A actually is the tag, even though
the sender probably did not intend it to be a tag...).

> 
> 
> 
> an example of the second problem is log entries like this
> 
> <29>Jul 31 21:33:39 methane1d-b plug-gw[13212]: connect host=
> /192.168.243.38
> destination=179.50.100.130/11074
> 
> 192.168.210.245 192.168.210.245 methane1d-b
> 
> 
> the problem is that the log file on the .245 box (which logs *.* to
> messages) doesn't show anything like this, and the methane1d-b box
> doesn't have any networks in common with the .245 box

I don't get any grip on this. Would it be possible to provide (privately)
debug log files for this processing? I really have a hard time figuring out
what's going on there, and I am not sure if some unprintable characters are
part of the picture. Only the debug log will show me that...

Rainer
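
Added example, not part of the original message and not rsyslog's own parser: a simplified RFC 3164-style split showing how a 0x01 byte after the hostname ends up as the tag, with control bytes rendered in caret notation so they become visible. The tag rule (bytes up to the first space or colon), the space after ^A in the sample, and the names `parse` and `caret` are assumptions.

```python
import re

# Simplified RFC 3164-style header: <PRI>TIMESTAMP HOSTNAME REST
HEADER = re.compile(
    rb"<(\d{1,3})>"                              # PRI = facility * 8 + severity
    rb"([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "  # e.g. "Aug  1 00:39:22"
    rb"(\S+) "                                   # HOSTNAME
    rb"(.*)",                                    # REST = tag + content
    re.DOTALL,
)
# Assumption: the tag is the run of bytes up to the first space or colon.
TAG = re.compile(rb"[^ :]*:?")


def caret(data: bytes) -> str:
    """Render control bytes in caret notation (0x01 -> ^A, 0x09 -> ^I)."""
    out = []
    for b in data:
        if b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:
            out.append("^?")
        else:
            out.append(chr(b))
    return "".join(out)


def parse(raw: bytes) -> dict:
    m = HEADER.match(raw)
    if m is None:
        raise ValueError("no <PRI>TIMESTAMP HOSTNAME header found")
    pri = int(m.group(1))
    rest = m.group(4)
    tag = TAG.match(rest).group(0)
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group(2).decode("ascii"),
        "hostname": m.group(3).decode("ascii", "replace"),
        "tag": caret(tag),
        "content": caret(rest[len(tag):].lstrip(b" ")),
    }


# Constructed from the messages quoted above; control bytes written as escapes.
WINDOWS = b"<175>Aug  1 00:39:22 172.20.254.6 \x01 MSWinEventLog\t1\tSecurity\t343780121"
PLUG_GW = b"<29>Jul 31 21:33:39 methane1d-b plug-gw[13212]: connect host=/192.168.243.38"

if __name__ == "__main__":
    for sample in (WINDOWS, PLUG_GW):
        print(parse(sample))
```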