4. Syslog message feature request.

Syslog message feature request.

  • F

    As my GCHQ controlled isp continues to dick me around, one thing I noticed is syslogs could do with having an incremental counter to ensure some dont go missing, and where possible could the date time stamp be in an iso format which includes sub seconds eg
    2013-03-27T21:51:29.139796+00:00

    This way when I get hundreds of messages from things like unbound or apinger, I can see if any of the incremental counters have not been logged lost by syslog server possibly due to a network bottle neck or some other reason like the syslog server maybe filtering out pertinent messages, or my kernel becomes tainted!

    Doesnt have to change from udp as the missing incremental messages is enough to spot when something is missing, but the ISO time stamps is also useful for cross referencing with other checks I have here.

    As you can see from below, I have a gap in my syslogs from 1:11:19 through to 01:12:59 and I have no way of knowing if anything is missing.

    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T00:08:12.005236+00:00 [edited for security]
    2015-08-24T01:12:59+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:12:59+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:00+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:00+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:01+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:01+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:02+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:02+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:03+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:03+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:04+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:04+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:05+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:05+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:06+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:06+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:07+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:07+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:08+00:00 192.168.1.1 apinger: sendto: No route to host

    0
  • F

    One other thing, as rsyslog server can handle upto 64K in its messages, but the udp stack can only handle 2k according to the rsyslog conversations, may be there is room for additional information upto 2k with udp and upto 64k with tcp?

    On the syslog incremental counter point, having a system wide incremental counter which is used by/for all syslog messages and is persistent through reboots would probably be the most useful.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy