Re: [Sshguard-users] [syslog-ng] syslog-ng MSGHDR

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Fri, 2010-01-22 at 16:35 +0100, Mij wrote:
> On Jan 22, 2010, at 11:25 , Balazs Scheidler wrote:
> 
> >> Can you clarify what is the intended template for producing entry tags
> >> of the classic format "Jan 21 12:54:09 examplehost proftpd[18965]: applmsg"
> >> in the different versions?
> > 
> > Can you show the user posting that states MSGHDR is the wrong approach
> > to do? I might be able to help troubleshooting it.
> 
> 
> sure. Confront:
> 
> http://sourceforge.net/mailarchive/forum.php?thread_name=EE040D72-0185-41EB-BECE-DED8C0272EDB%40sshguard.net&forum_name=sshguard-users
> http://sourceforge.net/mailarchive/forum.php?thread_name=DA2160C1-09A0-475D-B32A-AF10B712E403%40sshguard.net&forum_name=sshguard-users
> 
> with:
> 
> http://sourceforge.net/mailarchive/forum.php?thread_name=C5633AC6-CD8F-451F-B301-D0FDC5130AB1%40sshguard.net&forum_name=sshguard-users
> http://sourceforge.net/mailarchive/forum.php?thread_name=8cb75a4a1001210418g30d0968ck79e8a4d1a6808bba%40mail.gmail.com&forum_name=sshguard-users
> 
> Notice the double "proftpd[25517]: proftpd[25517]:" occurrence when prepending $MSGHDR .
> 

I can't post there via the webpage, but the problem is most probably a
missing "@version: 3.0" line in the configuration. without that
syslog-ng 3.0 is operating in 2.x compatible mode.

However the posts there didn't include a complete configuration file,
but I guess this is the root cause of the problem.

Also, the missing @version directive is logged as a warning at syslog-ng
startup.

-- 
Bazsi

Re: [Sshguard-users] [syslog-ng] syslog-ng MSGHDR

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] [syslog-ng] syslog-ng MSGHDR