Forum Discussion

uni
Oct 14, 2010

Send syslog to host on non-zero route domain

How can I send syslog messages to an address on a route domain other than %0?

I have tried using a destination such as

    destination d_host {
        udp6("2620:0:c10:f501:0:1:ac1e:140f");
    };

but no traffic seems to go out (should be to 172.30.20.15%1).

I'm using v 10.1 software, and add the syslog changes through "bigpipe syslog include" and restart syslog-ng after the changes.

I've tested to a custom file, and that works ok.

6 Replies

  • Hi Stephen,

    If you've confirmed the conversion from 172.30.20.15%1 to 2620:0:c10:f501:0:1:ac1e:140f is correct and the syslog messages still aren't being sent by syslog-ng, I'd open a case with F5 Support on this.

    Aaron
  • uni

    Solved. tcpdump showed the traffic was actually being sent, but on udp port 0. The solution was to add a port parameter to the destination:

        destination d_host {
            udp6("2620:0:c10:f501:0:1:ac1e:140f" port(514));
        };

  • Hi,

    currently I have the same problem and I was happy to find this thread.

    But I still have problems with restarting the syslog-ng daemon, because I get the following error message:

        Starting syslog-ng: Error resolving hostname; host='136.131.236.15%2'
        No destination address set;
        [FAILED]

    Below you can see the output of 'b syslog list all':

        syslog {
           authpriv from notice
           authpriv to emerg
           cron from warning
           cron to emerg
           daemon from notice
           daemon to emerg
           include "
              destination remote_server {
                 udp6(\"2620:0000:0C10:F501:0000:0002:8883:EC0F\" port (514));
              };
              filter f_local0 {
                 facility(local0) and not match(\": Access from:\");
              };
              filter f_local0_accesslog {
                 facility(local0) and match(\": Access from:\");
              };
              log {
                 source(local);
                 filter(f_local0_accesslog);
                 destination(remote_server);
              };
           "
           kern from notice
           kern to emerg
           mail from notice
           mail to emerg
           messages from notice
           messages to warning
           userlog from notice
           userlog to emerg
           remote server mlogsrv {
              host 136.131.236.15%2
              local ip none
              remote port 514
           }
        }

    What does it mean 'No destination address set'?

    Please help, thank you!

    Ciao Stefan :)

  • Hi Stefan,

    Is the host 136.131.236.15%2 part of your syslog include statement or the error?

    Aaron
  • It seems to work now. I can at least see the outgoing message in the tcpdump. Waiting now for confirmation from the customer.

    I removed the remote syslog server config ('b syslog remote server none') and then I could successfully restart the syslog-ng daemon.

    But I'm still wondering, because I thought I tried exactly this configuration before and it was not working.

    My syslog config is now:

        syslog {
           authpriv from notice
           authpriv to emerg
           cron from warning
           cron to emerg
           daemon from notice
           daemon to emerg
           include "
              destination remote_server {
                 udp6(\"2620:0000:0C10:F501:0000:0002:8883:EC0F\" port (514));
              };
              filter f_local0 {
                 facility(local0) and not match(\": Access from:\");
              };
              filter f_local0_accesslog {
                 facility(local0) and match(\": Access from:\");
              };
              log {
                 source(local);
                 filter(f_local0_accesslog);
                 destination(remote_server);
              };
           "
           kern from notice
           kern to emerg
           mail from notice
           mail to emerg
           messages from notice
           messages to warning
           userlog from notice
           userlog to emerg
           remote server none
        }

    Ciao Stefan :)


  • Customer also confirms that messages arrived at their syslog server.

    But in the meantime I found an alternative solution. Remote logging can also be defined directly in the iRule, this has the advantage that it is more safe during software updates and it's not that complicated to configure the required filters within syslog-ng.conf.

    Please have a look at the iRule Wiki page:

    http://devcentral.f5.com/wiki/default.aspx/iRules/log.html

    We are using it with Route Domains, but without partitions. Therefore we have to specify the normal IPv4 address including the %RD, e.g.:

        log 136.131.236.15%2:514 daemon. "[IP::remote_addr] -> [HTTP::host][HTTP::uri]"

    I'm not sure if you can leave the %RD if you are working with partitions.

    Ciao Stefan :)
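
Added example, not code from any poster or from F5: a Python helper that reproduces the IPv4%RD to IPv6 conversion seen in this thread, renders a `udp6()` destination with an explicit `port()`, and flags `udp6()` destinations that omit it (the cause of the port 0 traffic). The prefix `2620:0:c10:f501` and the position of the route domain ID are assumptions inferred from the two address pairs posted above; the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: prefix and field layout are inferred from the two address pairs
# in this thread (172.30.20.15%1 and 136.131.236.15%2), not from F5 documentation.
RD_PREFIX = "2620:0:c10:f501"

def rd_to_ipv6(addr_rd: str) -> str:
    """Map 'a.b.c.d%RD' to the IPv6 form given to syslog-ng in the thread."""
    host, sep, rd = addr_rd.partition("%")
    v4 = int(ipaddress.IPv4Address(host))   # raises ValueError on a bad address
    rd_id = int(rd) if sep else 0           # no %RD suffix means route domain 0
    if not 0 <= rd_id <= 0xFFFF:
        raise ValueError(f"route domain out of range: {rd_id}")
    groups = [0, rd_id, v4 >> 16, v4 & 0xFFFF]
    return RD_PREFIX + ":" + ":".join(f"{g:x}" for g in groups)

def destination(name: str, addr_rd: str, port: int = 514) -> str:
    """Render a destination block that always carries an explicit port()."""
    return (f"destination {name} {{\n"
            f'    udp6("{rd_to_ipv6(addr_rd)}" port({port}));\n'
            f"}};")

# Matches udp6("addr" <options>); quotes may be backslash-escaped, as they are
# inside the 'include' string shown by 'b syslog list all'.
_UDP6 = re.compile(r'udp6\(\s*\\?"([^"\\]+)\\?"\s*([^;]*)\)\s*;')
_PORT = re.compile(r'\bport\s*\(\s*\d+\s*\)')

def udp6_without_port(config: str) -> list:
    """Return udp6() target addresses whose option list has no port()."""
    return [m.group(1) for m in _UDP6.finditer(config)
            if not _PORT.search(m.group(2))]

# The three destinations as posted in the thread: original, fixed, escaped form.
SAMPLE = r'''
destination d_host { udp6("2620:0:c10:f501:0:1:ac1e:140f"); };
destination d_fixed { udp6("2620:0:c10:f501:0:1:ac1e:140f" port(514)); };
destination remote_server {
    udp6(\"2620:0000:0C10:F501:0000:0002:8883:EC0F\" port (514));
};
'''

if __name__ == "__main__":
    print(destination("d_host", "172.30.20.15%1"))
    print("missing port():", udp6_without_port(SAMPLE))
```

Running the check against the include text before restarting syslog-ng catches the first post's configuration, which restarts cleanly but sends to UDP port 0.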