but I must admit that box1 breaks log too, sometimes it writes completely misplaced log,
> From: [email protected]
> To: [email protected]
> Date: Thu, 10 Oct 2013 16:31:28 +0000
> Subject: Re: [rsyslog] rsyslog filter
>
> Hi David,
> please see log below
>
> box1
> Oct 10 14:14:55 box1 kernel: ipt: SATURIN=bond0 OUT=
> MAC=90:b1:1c:94:9d:49:00:1b:0d:e5:fd:09:08:90 SRC=12.12.12.12 DST=22.22.22.22
> LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=16965 DF PROTO=TCP SPT=51623 DPT=9917
> WINDOW=14600 RES=0x00 SYN URGP=0
>
> box2
> Oct 10 09:51:21 box2 kernel: ipt: SATURIN=bond0 OUT=
> MAC=90:b1:9c:31:99:36:00:19:0d:e5:fd:90:08:09 SRC=12.12.12.12 DST=23.23.23.23
> LEN=64 TOS=0x00 PREC=0x00 TTL=58 ID=52679 DF PROTO=TCP SPT=58013 DPT=80
> WINDOW=65535 RES=0x00 SYN URGP=0
>
> There is no diff as it's two load same spec/OS/application etc. rsyslog
> version, as well as iptables version.
>
> Regards
> Ashish
>
> > Date: Thu, 10 Oct 2013 09:27:17 -0700
> > From: [email protected]
> > To: [email protected]
> > Subject: Re: [rsyslog] rsyslog filter
> >
> > Could you please show a sample iptables log message from each system?
> >
> > David Lang
> >
> > On Thu, 10 Oct 2013, Ashish Nepal wrote:
> >
> > > Date: Thu, 10 Oct 2013 16:19:26 +0000
> > > From: Ashish Nepal <[email protected]>
> > > Reply-To: rsyslog-users <[email protected]>
> > > To: rsyslog-users <[email protected]>
> > > Subject: [rsyslog] rsyslog filter
> > >
> > > Hi Rsyslog users,
> > > I have been trying to filter iptables rules from kernel rules, it's been
> > > quite bizarre that the same config works for one of the boxes and not in the other.
> > >
> > > #### #### /etc/rsyslog.conf [CentOS release 6.4 (Final)]####
> > > $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
> > > $ModLoad imklog # provides kernel logging support (previously done by rklogd)
> > > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> > > $IncludeConfig /etc/rsyslog.d/*.conf
> > >
> > > #iptables Log
> > > :msg, startswith,"ipt: " /var/log/iptables.log
> > > & ~
> > > kern.* /var/log/kernel
> > >
> > > ###### As that didn't work I also tried to test the format given below, with
> > > no luck.
> > > #iptables Log
> > > :msg, startswith,"ipt: " -/var/log/iptables.log
> > > & ~
> > >
> > > Has anyone faced a similar issue with rsyslog?
> > >
> > > Regards
> > > Ashish
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > > DON'T LIKE THAT.

