[RESOLVED] Syslog Bug

zekicker

Hello,

I think I found a bug with the process of sending log to a remote server.

Filter logs are sent like this :
Jun  2 19:14:18 filterlog: 86,16777216,,1491408988,em0,match,pass,in,4,0x0,,125,30221,0,DF,6,tcp,52,<ipsrc>,<ipdst>,51403,443,0,S,320298021,,65535,,mss;nop;wscale;nop;nop;sackOK

The hostname is missing between the date and the word "filterlog".
I did a capture on the pfsense and the logs are sent like this for filterlog. No problem with nginx logs.

I m using the last 2.3.4 version.
Regards,</ipdst></ipsrc>

jimp

Not a bug. syslogd on FreeBSD does not send the hostname. The remote log server usually adds the hostname itself based on the source of the log entries.

You could maybe setup the syslog-ng package if it's more to your liking.

zekicker

OK but why is there a difference with a nginx log ?

Jun  2 13:28:30 <hostname></hostname><fqdn>nginx: <ip>- - [02/Jun/2017:13:28:30 +0200] "GET /status_logs_filter_dynamic.php?&logfile=/var/log/filter.log&nentries=50&lastsawtime=1496402757 HTTP/1.1" 200 31 "https://<ip>/status_logs_filter_dynamic.php?logfile=filter&view=dynamic" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/5CLOG</ip></ip></fqdn>

kpa

Nginx as far as I know writes its logs directly using its own log formatting that has nothing to do with syslog(3).

zekicker

Hello,

Thanks for your answer.

Regards,