I have an invalid source in my received syslog message – what to do?

Created on 2002-03-17 by Rainer Gerhards.

If I look at the received syslog message source system, I see invalid names like "su", "root" and the like. These correspond to some part of the syslog message. In any case, it is not the real system name. What can I do to receive the correct name?

The problem stems from systems that are not compliant with the syslog RFC. The syslog service parses messages as the RFC specifies. Unfortunately, many existing systems do not comply with the syslog RFC and format the message other than specified. As a result, the syslog service picks up an invalid source system, simply because invalid information sits where the source system should be.

Fortunately, the syslog server can be instructed to ignore the source system in the syslog message; this is the default mode for all installations after 2002-03-20. The behavior is controlled by the "Take source system from syslog message" check box. If that check box is checked, the source is taken from the message as specified in the syslog RFC. If it is unchecked, the source is determined based on the sending system.

Adiscon's experience is that, as of this writing, only a limited number of systems support RFC-compliant message formatting, so we recommend unchecking this option.
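A simplified model of the behavior described above, added here as an illustration and not Adiscon's code. It assumes the RFC 3164 header layout `<PRI>timestamp hostname tag: text`; the sample messages are constructed and the helper names (`host_field`, `resolve_source`) are hypothetical. It shows how a message that omits the hostname yields "su" or "root" as the source, and how taking the source from the sending system avoids that.

```python
import re

# Assumed layout (RFC 3164 style): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) ?(?P<rest>.*)$",
    re.S,
)
# A token ending in ':' (optionally with '[pid]') is a program tag, not a host.
TAG_LIKE = re.compile(r"(\[\d+\])?:$")

# Constructed sample input: (raw message, address of the sending system).
SAMPLES = [
    ("<34>Mar 17 10:15:02 fw01 su: session opened for user root", "192.0.2.10"),
    ("<34>Mar 17 10:15:02 su: session opened for user root", "192.0.2.11"),
    ("<13>Mar 17 10:15:03 root: manual test entry", "192.0.2.11"),
]


def host_field(raw):
    """Return the token in the hostname position, or None if no header matches."""
    m = HEADER.match(raw)
    return m.group("host") if m else None


def resolve_source(raw, sender_addr, take_from_message):
    """Model of the check box (hypothetical helper, not Adiscon's parser).

    Returns (source, suspicious). When take_from_message is True the hostname
    position is trusted; 'suspicious' marks values that look like a tag.
    """
    token = host_field(raw)
    if not take_from_message or token is None:
        return sender_addr, False
    suspicious = bool(TAG_LIKE.search(token))
    return token.rstrip(":"), suspicious


if __name__ == "__main__":
    for raw, sender in SAMPLES:
        checked = resolve_source(raw, sender, take_from_message=True)
        unchecked = resolve_source(raw, sender, take_from_message=False)
        print(f"{raw[:40]!r:45} checked={checked} unchecked={unchecked}")
```

The `suspicious` flag is a quick way to find which senders omit the hostname before deciding how to set the option.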
