MonitorWare Knowledge Base

Hi. As per the subject I have found a seemingly bug on WinSyslog 4.2.
Pls investigate and make sure on this problem, support people.

* What happens:
When a message has ":" within the message the display (and maybe the data itself?) will not show the real thing after that.

* Current workaround
Stop adisconwinsyslog service and restart it.

* What I request for support people (I want all of these below.)
A. Confirm the problem
B. Find better workarounds
C. Issue patches, or when you issue the next patch pls include the fix for this item.

* Example:
1. the raw thing:
---------------------------------------------------------------
Feb 9 06:05:22 local LogtoolRealSource:"local" logtool:/images/common/smenu_bg.gif
---------------------------------------------------------------

here logtool is what my colleague has made with Visual Studio.
After this kind of things are logged to messages all the other messages which have "Realsource:" in the beginning of the message field shows it as "logtoolRealSource:"

2. Kiwi SyslogGen
A. What causes the problem:
---------------------------------------------------------------
SyslogGenRealSource:"backup2" SyslogGen ALL YOUR BASE ARE BELONG TO US
---------------------------------------------------------------

B. What is wrong after A occurs. RealSource: field is not recovered...
---------------------------------------------------------------
SyslogGenRealSource:"backup" port unreachable to TCP/80 from 192.168.3.11
---------------------------------------------------------------

Hi,

thanks for your post. I just wanted to let you know that we are setting up a lab to reproduce the issue.

I assume that you are using the Interactive Syslog Server, is this right?

Best regards,
Rainer Gerhards
Adíscon

Hi. I somehow could not login at the first post, so I created a new user... I am YamaKenTokyo.

[quote="rgerhards"]
I assume that you are using the Interactive Syslog Server, is this right?
[/quote]

No, I do not use this often. What I am using to check this is:
1. ASP sample pages you allow us to download
2. Another sets of sample pages by Mr. Hideaki Ihara of Port139
3. (For the verification of this behavior only, yeah...) Interactive server

Environment:
OS: Win2K Server SP4 (JPN)
DB: MSSQL 2000 SP3a (JPN)
Syslog Server: WinSyslog 4.2

Hi. I successfully reproduced this with the following environments:

Srv:
1. Windows Server 2003 Japanese+WinSyslog 4.2
2. Windows Server 2003 Japanese+WinSyslog 5.2

Settings in the action menu:
*Add Syslog Source when forwarding to other Syslog servers

Settings in the Running Services menu:
*Take source system from Syslog message

Agent used for reproduce this problem:
Klog
Adiscon Logger 1.0
Linux logger (On Red Hat Linux 9.0)

The SNMP Receivor function of Winsyslog 5.2 itself.

As for WinSyslog 5.x we can receive SNMP trap messages, too. Here, with the default settings the messages are like "IP: Uptime, Enterprise, blah, blah, blah.)

Hi,

do I get it right that the >RealSource:"local"< Part messes up your syslog message? If yes please disable the "Add Syslog Source" option in your Forward Syslog Action.

Otherwise if you wish to leave the original message fully intact without changes, disable the option "Process message while relaying", this might help.

best regards,
Andre Lorbach

Okay, let me have a try on this. ;-)

Cheers.