Back to your phpLogCon instanceI see there was a post back in 2004 on this subject as well, but do nt see that there was any resolution.
There appears to be an issue with how syslog from a solaris 8 or solaris 9 system is being parsed by Winsyslog. I have a rule defined that logs to 'Undefined-source.txt' replacing the source system name in the output file. Generally this works fine, however it is not working when the sending system is Solaris 8 or 9.
The Winsyslog Interactive syslog server shows the messages correctly, with the source IP in the correct field:
3/13/2006 11:30:39 AM, 3, 6, 10.1.2.3, Mar 13 10:30:36 named[23262]: [ID 873579 daemon.info] client 10.9.8.7#63149: updating zone 'somezone.com/IN': adding an RR
3/13/2006 11:30:39 AM, 3, 6, 10.2.3.4, Mar 13 10:30:37 named[10319]: [ID 873579 daemon.info] client 10.8.7.6#63146: updating zone 'somezone.com/IN': adding an RR
3/13/2006 11:30:39 AM, 3, 6, 10.3.4.5, Mar 13 11:30:36 named[156]: [ID 873579 daemon.info] transfer of '254.10.in-addr.arpa/IN' from 10.7.6.5#53: end of transfer
However when Winsyslog parses and writes the output based on the file name I mentioned above, I get the following output:
Undefined-named[10319]
Undefined-named[10417]
Undefined-named[1102]
Undefined-named[156]
Undefined-su
We have attempted modifying the msgid as suggested in http://smarden.sunsite.dk/socklog/readme.solaris.html, however that did not resolve the issue.
Any thoughts on what the solution is? I am running Winsyslog 6.2.425.
MonitorWare Knowledge Base
Your first source for knowledge
Syslog from Solaris 8/9 to Winsyslog
Moderator: alorbach
4 posts • Page 1 of 1
by alorbach on Tue Mar 14, 2006 10:04 am
Hi,
from your description I would say that the syslog message differ from each other and that causes the problem. The problem is without further informations, it is hard to find out.
So I ask you to send an email to our support team (support@adiscon.com), where you referer to this forum thread. Include an export of your configuration within your email, and in best case some sample logs from your solaris 8 and 9 systems. Then we try to reproduce and analyze your problem in our labs.
best regards,
Andre Lorbach
from your description I would say that the syslog message differ from each other and that causes the problem. The problem is without further informations, it is hard to find out.
So I ask you to send an email to our support team (support@adiscon.com), where you referer to this forum thread. Include an export of your configuration within your email, and in best case some sample logs from your solaris 8 and 9 systems. Then we try to reproduce and analyze your problem in our labs.
best regards,
Andre Lorbach
-
alorbach - Site Admin
- Posts: 852
- Joined: Thu Feb 13, 2003 11:55 am
by sparcel on Tue Mar 14, 2006 11:39 am
I have submitted the requested data to the support e-mail address. From the results I have seen, this is easy to reproduce if you have access to a Solaris v8 or v9 system to generate syslog data from. Since there was a post in 2004 on this same subject, I would guess this is not a new issue. Thanks for the assistance.
- sparcel
- Avarage
- Posts: 17
- Joined: Wed Oct 26, 2005 6:36 pm
by alorbach on Thu Mar 16, 2006 2:17 pm
For the information for all who find this thread and are searching for a workaround, you will find a faq entry here:
http://www.winsyslog.com/Common/en/faq/ ... essing.php
http://www.winsyslog.com/Common/en/faq/ ... essing.php
-
alorbach - Site Admin
- Posts: 852
- Joined: Thu Feb 13, 2003 11:55 am
Google Ads
4 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests
