Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 24 Jun 1998 11:22:13 +0200 (CEST)
From:      edwin@nwm.wan.philips.com
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Cc:        edwin@nwm.wan.philips.com
Subject:   bin/7055: multiple syslog-forwarding will forget the original host
Message-ID:  <199806240922.LAA05723@rs.nwm.wan.philips.com>
next in thread | raw e-mail | index | archive | help 

>Number:         7055
>Category:       bin
>Synopsis:       multiple syslog-forwarding will forget the original host
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 24 12:20:01 PDT 1998
>Last-Modified:
>Originator:     Edwin Groothuis
>Organization:
Origin-IT/Systems
>Release:        FreeBSD 2.2.5-RELEASE i386
>Environment:

	We are having several remote systems which are receiving
	syslog messages from routers, switches etc and we forward
	these messages to a central system for alerting and so.

>Description:

	If these messages are forwarded, the original name of
	the router which has sent the syslog message is lost.

>How-To-Repeat:

	We had the syslog forwarding defined as:
	    router -> remote-system -> central-system

	on the router we have:
	    logging <ip address of remote-system>

	on the remote-system we have in the syslog.conf:
	    local7.*	@central-system

	on the central-system we have:
	    local7.*	/var/log/nmslog

	If the router sends a syslog-message towards the remote-system
	it will be like:
	    date/time d-nl07sc0.wan.philips.com: :SNMP-5:Link Up Trap...

	On the central-system it will become:
	    date/time remote-system: :SNMP-5:Link Up Trap...

>Fix:
	The change has to be made in /usr/src/usr.sbin/syslogd/syslogd.c
	function fprintlog() switch statement F_FORW:

	    Old code line 758:
                l = snprintf(line, sizeof line - 1, "<%d>%.15s %s",  
                             f->f_prevpri, iov[0].iov_base, iov[4].iov_base);    
	    New code:
		/* check for local vs remote messages */
		if (strcmp(f->f_prevhost,LocalHostName))
		    l = snprintf(line, sizeof line - 1,
			    "<%d>%.15s Forwarded from %s: %s",
			    f->f_prevpri, iov[0].iov_base, f->f_prevhost,
			    iov[4].iov_base);
		else
		    l = snprintf(line, sizeof line - 1, "<%d>%.15s %s",
			    f->f_prevpri, iov[0].iov_base, iov[4].iov_base);


>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806240922.LAA05723>