ronny.raudstein@kvinnherad.kommune.no said:
This number is the sequence-numer of the syslog-message. I've tried to turn it off on the router with the command: no service sequence-number
Try to use the command no logging message-counter syslog
But IMHO the NAV syslog system should handle this beacuse it is the default setting on a Cisco switch/router.
regards,
This fixed the problem with the counter. And now I get messages in the database, but only from hosts where I haven't registered reverse-DNS. All messages with hostnames instead of IP in "Origin" ends in parsing errors.
Ronny Raudstein It-avd Kvinnherad Kommune
-----Opprinnelig melding----- Fra: Borge Brunes [mailto:Borge.Brunes@uit.no] Sendt: 23. mars 2009 11:58 Til: ronny.raudstein Kopi: Morten Brekkevold; nav-users@uninett.no Emne: Re: SV: Log engine
ronny.raudstein@kvinnherad.kommune.no said:
This number is the sequence-numer of the syslog-message. I've tried to turn it off on the router with the command: no service sequence-number
Try to use the command no logging message-counter syslog
But IMHO the NAV syslog system should handle this beacuse it is the default setting on a Cisco switch/router.
regards,
On Mon, 23 Mar 2009 12:18:57 +0100 "ronny.raudstein" ronny.raudstein@kvinnherad.kommune.no wrote:
This fixed the problem with the counter. And now I get messages in the database, but only from hosts where I haven't registered reverse-DNS. All messages with hostnames instead of IP in "Origin" ends in parsing errors.
Just a thought: Is the origin from the syslog just a hostname or a fully-qualified domain name?
I think maybe logengine is simple-minded enough that it cannot find the corresponding device in the NAV database unless the origin field is an IP address or identical to the full sysname registered in NAV (which would be the reverse DNS lookup of the IP address).
On Mon, 23 Mar 2009 12:18:57 +0100 "ronny.raudstein" ronny.raudstein@kvinnherad.kommune.no wrote:
This fixed the problem with the counter. And now I get messages in the database, but only from hosts where I haven't registered reverse-DNS. All messages with hostnames instead of IP in "Origin" ends in parsing errors.
Ronny,
I've had a closer look at the code, and I must confess that my initial response was in error.
The logengine doesn't fail because of the message counter. It does in fact expect the message counter, but it doesn't expect the originating device to log the current year along with its date!
If the year can be configured away in the device config, you may have more luck getting the current version working, while we work on a fix for the issue.
On Mon, 23 Mar 2009 11:57:40 +0100 Borge Brunes Borge.Brunes@uit.no wrote:
ronny.raudstein@kvinnherad.kommune.no said:
This number is the sequence-numer of the syslog-message. I've tried to turn it off on the router with the command: no service sequence-number
Try to use the command no logging message-counter syslog
But IMHO the NAV syslog system should handle this beacuse it is the default setting on a Cisco switch/router.
Although I don't really know any specifics about Cisco syslogging, I agree.
A more important point is that logengine shouldn't crash because of a parsing error like this one. If there is a bug in the parsing, the log message should be put into the parse error table, and processing of log messages should continue as normal.
I've filed this as a bug on Launchpad: https://bugs.launchpad.net/nav/+bug/347776
-
Borge Brunes -
Morten Brekkevold -
ronny.raudstein