I'm using the home user licence and have found what appears to be a problem with the Remote Syslog Server module.
I have my UTM sending all log files to my local Splunk installation.
Problem.
When my internet provider changes my gateway IP address (or I do a reconnect and get assigned a new IP), the hostname in my log files changes.
Solution.
Log into the UTM, go to Log Settings -> Remote Syslog Server, and then Disable and re-Enable. The log files are now showing the correct hostname.
(Why isn't there an option to attach an example log file.. to this..)
Example log file below..
This shows when the connection gateway was reset.
2016-05-11T11:07:35.338554+10:00 astaro.tspoon.com.au 2016: 05:11-11:07:05 awed [master][4209]: Cannot connect: Connection refused
2016-05-11T11:07:35.418430+10:00 astaro.tspoon.com.au 2016: 05:11-11:07:05 astaro irqd[5333]: received SIGTERM
2016-05-11T11:10:09.416435+10:00 gateway 2016: 05:11-11:08:58 astaro syslog-ng[4458]: syslog-ng starting up; version='3.4.7'
2016-05-11T11:10:09.416435+10:00 gateway 2016: 05:11-11:08:59 astaro ulogd[4449]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth2" srcmac="00:08:a2:09:31:20" srcip="192.168.11.1" dstip="192.168.11.2" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="58795" dstport="515" tcpflags="SYN"
This shows when I disabled, then re-enabled the remote syslog.
2016-05-11T16:24:24.774352+10:00 gateway 2016: 05:11-16:23:54 astaro middleware[3706]: T core::Config::Changed:194() => configversion=13
2016-05-11T16:24:24.777239+10:00 gateway 2016: 05:11-16:23:54 astaro middleware[3706]: T core::Config::Changed:204() => nodes=1 objects=0 triggers=0
2016-05-11T16:24:24.777934+10:00 gateway 2016: 05:11-16:23:54 astaro middleware[3706]: T core::Config::load:347() => modules=1,2
2016-05-11T16:24:34.190335+10:00 astaro.tspoon.com.au 2016: 05:11-16:24:02 astaro syslog-ng[4458]: Configuration reload request received, reloading configuration;
2016-05-11T16:24:34.190335+10:00 astaro.tspoon.com.au 2016: 05:11-16:24:03 astaro middleware[3706]: T modules::ipset::deleteUnused:320() => auto#=9/682 confd#=1/341
Trevor..
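
Added example (not part of the original post): a small Python check that reads relayed lines in the layout shown above and reports every point where the syslog header hostname changes for the same device, which is how this condition shows up on the collector side. The function name, the regex and the choice to group by the device token after the inner timestamp are assumptions; the sample lines are shortened from the post, plus one constructed malformed line.

```python
import re
from datetime import datetime

# Layout seen in the post's samples:
# <ISO-8601 time> <header host> <year>: <MM:DD-HH:MM:SS> <device> <program>[pid]: <msg>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+\d{4}:\s+\d{2}:\d{2}-\d{2}:\d{2}:\d{2}\s+"
    r"(?P<device>\S+)\s+(?P<prog>[^\[\s:]+)"
)

def hostname_changes(lines):
    """Return (timestamp, device, old_host, new_host) for each header-host flip."""
    last_host = {}   # device token -> header hostname last seen for it
    changes = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the expected layout; ignore it
        ts = datetime.fromisoformat(m["ts"])
        device, host = m["device"], m["host"]
        prev = last_host.get(device)
        if prev is not None and prev != host:
            changes.append((ts, device, prev, host))
        last_host[device] = host
    return changes

# Sample input: shortened from the post, last entry constructed.
SAMPLE = [
    "2016-05-11T11:07:35.418430+10:00 astaro.tspoon.com.au 2016: 05:11-11:07:05 "
    "astaro irqd[5333]: received SIGTERM",
    "2016-05-11T11:10:09.416435+10:00 gateway 2016: 05:11-11:08:58 "
    "astaro syslog-ng[4458]: syslog-ng starting up; version='3.4.7'",
    "2016-05-11T16:24:24.777934+10:00 gateway 2016: 05:11-16:23:54 "
    "astaro middleware[3706]: T core::Config::load:347() => modules=1,2",
    "2016-05-11T16:24:34.190335+10:00 astaro.tspoon.com.au 2016: 05:11-16:24:02 "
    "astaro syslog-ng[4458]: Configuration reload request received",
    "not a syslog line",  # constructed: must be skipped, not crash the parser
]

if __name__ == "__main__":
    for ts, device, old, new in hostname_changes(SAMPLE):
        print(f"{ts.isoformat()} device={device} header host {old!r} -> {new!r}")
```

Run against an export of the relayed log, each reported flip marks a window in which searches keyed on the hostname would miss or misattribute events from the same device.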