Syslog message feature request.



  • As my GCHQ-controlled ISP continues to dick me around, one thing I noticed is syslogs could do with having an incremental counter to ensure some don't go missing, and where possible could the date time stamp be in an ISO format which includes sub-seconds, e.g.
    2013-03-27T21:51:29.139796+00:00

    This way, when I get hundreds of messages from things like unbound or apinger, I can see if any of the incremental counters have not been logged or have been lost by the syslog server, possibly due to a network bottleneck or some other reason, like the syslog server maybe filtering out pertinent messages, or my kernel becoming tainted!

    Doesn't have to change from UDP, as the missing incremental messages are enough to spot when something is missing, but the ISO time stamps are also useful for cross-referencing with other checks I have here.

    As you can see from below, I have a gap in my syslogs from 1:11:19 through to 01:12:59 and I have no way of knowing if anything is missing.

    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:1] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T01:11:19+00:00 192.168.1.1 unbound: [94098:0] error: can't bind socket: Can't assign requested address for 92.24.191.160
    2015-08-24T00:08:12.005236+00:00 [edited for security]
    2015-08-24T01:12:59+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:12:59+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:00+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:00+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:01+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:01+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:02+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:02+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:03+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:03+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:04+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:04+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:05+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:05+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:06+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:06+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:07+00:00 192.168.1.1 apinger: sendto: No route to host
    2015-08-24T01:13:07+00:00 192.168.1.1 apinger: Could not bind socket on address(92.24.191.160) for monitoring address 92.24.176.1(WAN_PPPOE) with error Can't assign requested a$
    2015-08-24T01:13:08+00:00 192.168.1.1 apinger: sendto: No route to host



  • One other thing: as the rsyslog server can handle up to 64K in its messages, but the UDP stack can only handle 2k according to the rsyslog conversations, maybe there is room for additional information, up to 2k with UDP and up to 64k with TCP?

    On the syslog incremental counter point, having a system wide incremental counter which is used by/for all syslog messages and is persistent through reboots would probably be the most useful.


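A collector-side check for the counter idea discussed in the posts above, as an added example that is not part of the thread or of any project's code. It assumes the sender emits RFC 5424 messages carrying the standard `[meta sequenceId="N"]` element, which restarts at 1 when the sender restarts rather than persisting across reboots; the reorder window and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# RFC 5424 header, then the standard "meta" element carrying sequenceId.
LINE = re.compile(r'^<\d{1,3}>1 (?P<ts>\S+) (?P<host>\S+) .*?'
                  r'\[meta [^\]]*?sequenceId="(?P<seq>\d+)"')
REORDER_WINDOW = 16  # assumed tolerance for UDP reordering, tune per network

def find_gaps(lines):
    """Return {host: [(first_missing, last_missing, ts_before, ts_after)]}."""
    runs = defaultdict(list)  # host -> list of runs, each run is {seq: ts}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # no counter on this line, nothing to check
        seq, host_runs = int(m["seq"]), runs[m["host"]]
        # A large drop means the sender restarted and its counter went back to 1.
        if not host_runs or seq < max(host_runs[-1]) - REORDER_WINDOW:
            host_runs.append({})
        host_runs[-1][seq] = m["ts"]
    gaps = {}
    for host, host_runs in runs.items():
        for i, run in enumerate(host_runs):
            seen = sorted(run)
            # First run: the collector may have started late, so begin at the
            # lowest id seen. Later runs: the sender began again at 1.
            prev, prev_ts = (0, None) if i else (seen[0], run[seen[0]])
            for seq in seen:
                if seq > prev + 1:
                    gaps.setdefault(host, []).append(
                        (prev + 1, seq - 1, prev_ts, run[seq]))
                prev, prev_ts = seq, run[seq]
    return gaps

def _msg(ts, seq):
    return (f'<27>1 2015-08-24T{ts}+00:00 192.168.1.1 unbound 94098 - '
            f'[meta sequenceId="{seq}"] error: can\'t bind socket')

# Constructed sample (not from the post): 103/104 arrive swapped, 106-108 are
# lost, then the sender restarts and id 2 is lost.
SAMPLE = [_msg(t, s) for t, s in [
    ("01:11:19.139796", 101), ("01:11:19.140102", 102),
    ("01:11:19.140377", 104), ("01:11:19.140251", 103),
    ("01:11:19.204511", 105), ("01:12:59.000812", 109),
    ("01:20:03.551020", 1), ("01:20:03.551964", 3)]]

if __name__ == "__main__":
    for host, found in find_gaps(SAMPLE).items():
        for lo, hi, before, after in found:
            print(f"{host}: ids {lo}-{hi} missing between {before} and {after}")
```

Swapped arrivals inside the window are not reported as loss, and each gap comes back with the timestamps of the messages on either side of it.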