I have an invalid source in my received syslog message - what to do?
Created on 2002-03-17 by Rainer Gerhards.
If I look at the received syslog message source system, I see invalid
names like "su", "root" and the like. These correspond
to some part of the syslog message. In any case, it is not the real system name.
What can I do to receive the correct name?
The problem stems from systems that are not syslog-RFC compliant. The syslog
service parses messages as the syslog RFC specifies. Unfortunately, many existing
systems are not compliant with the syslog RFC and format the message other than
specified. As such, the syslog service picks up an invalid source system, simply
because invalid information is where the source system should be.
Fortunately, the syslog server can be instructed to ignore the source
system in the syslog message. This is the default mode for all installations
after 2002-03-20. This is done with the "Take source system from syslog
message" option. If that check box is checked, the source is taken from the
message as specified in the syslog RFC. If it is unchecked, it is determined
based on the sending system.
Adiscon's experience is that, as of this writing, only a limited number of
systems support RFC compliant message formatting, so we recommend unchecking
this option.
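
The effect of the check box, shown as an added sketch that is not Adiscon's code: a minimal RFC 3164-style header parser run with the option on and off. The names `parse_source` and `sources` are hypothetical, and the datagrams and sender addresses are constructed samples.

```python
import re

# <PRI>, then an optional "Mmm dd hh:mm:ss " timestamp, then the remainder.
HEADER = re.compile(
    r"^<(\d{1,3})>(?:[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} )?(.*)$", re.S
)

def parse_source(raw, sender_ip, take_source_from_message):
    """Return (source, text) for one received datagram.

    take_source_from_message models the check box described above:
    True  -> the first word after the header is used as the hostname
    False -> the source is the address the datagram arrived from
    """
    m = HEADER.match(raw)
    if m is None:                      # no <PRI>: nothing to parse a name from
        return sender_ip, raw
    rest = m.group(2)
    if not take_source_from_message:
        return sender_ip, rest
    word, _, text = rest.partition(" ")
    # This sketch drops a trailing ':' so a misplaced tag "su:" shows up as "su".
    return word.rstrip(":"), text

# Constructed datagrams: (payload, sender address from the documentation range).
SAMPLES = [
    ("<38>Mar 17 10:15:02 web01 su: 'su root' succeeded for alice", "192.0.2.10"),
    ("<38>Mar 17 10:15:02 su: 'su root' succeeded for alice", "192.0.2.20"),
    ("<13>root: disk check finished", "192.0.2.30"),
]

def sources(take_source_from_message):
    """Source recorded for each sample under the given setting."""
    return [parse_source(raw, ip, take_source_from_message)[0] for raw, ip in SAMPLES]

if __name__ == "__main__":
    print("checked:  ", sources(True))
    print("unchecked:", sources(False))
```

With the option unchecked, a message that reaches the server through a relay is recorded under the relay's address, since that is the sending system the server sees.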