syslog_ng and spam filtering [SOLVED(workaround - not full decision)]

veranyon · 2009-07-10 11:40:05

Permanently in the /var/log/messages are spam type:

.....
Jun 26 22:24:02 serge pptp[5115]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5128386 (expecting 5128384, lost or reordered)
Jun 26 22:24:02 serge pptp[5115]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5128387 (expecting 5128384, lost or reordered)
Jun 26 22:24:02 serge pptp[5115]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5128388 (expecting 5128384, lost or reordered)
Jun 26 22:24:02 serge pptp[5115]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5128389 (expecting 5128384, lost or reordered)
Jun 26 22:24:02 serge pptp[5115]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5128390 (expecting 5128384, lost or reordered)
Jun 26 22:24:02 serge pptp[5115]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5128391 (expecting 5128384, lost or reordered)
Jun 26 22:24:02 serge pptp[5115]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5128392 (expecting 5128384, lost or reordered)
...

The messages are not particularly terrible. type, the provider is loaded from the channel, but these messages - ton.

What you need to fix in syslog_ng.conf, that would not have this garbage in the log file?
There're a lot of information but very academic focus. honestly, do not understand what to do.
Maybe someone saw a reference to an example of filtering unnecessary things in this system. algorithm

Thank you.

Last edited by veranyon (2010-02-16 01:20:49)

djszapi · 2009-07-10 19:11:18

When do this logs occur ? at boot or when ? if not monitor it with tail -f /etc/var/messages.log and when you do something you could see which event causes it.

arkham · 2009-07-11 00:52:13

This is how I used to filter out NetworkManager spam:

# DESTINATIONS
destination d_networkmanager { file("/var/log/networkmanager.log"); };
# FILTERS
filter f_networkmanager { match("NetworkManager" value("PROGRAM")); };
# LOGS
log { source(src); filter(f_networkmanager); destination(d_networkmanager); flags(final); };

veranyon · 2009-07-12 19:42:26

arkham wrote:

This is how I used to filter out NetworkManager spam:
# DESTINATIONS
destination d_networkmanager { file("/var/log/networkmanager.log"); };
# FILTERS
filter f_networkmanager { match("NetworkManager" value("PROGRAM")); };
# LOGS
log { source(src); filter(f_networkmanager); destination(d_networkmanager); flags(final); };

and /etc/rc.d/syslog-ng restart

It's not helping.

veranyon · 2010-02-16 01:19:00

/etc/ppp/peers/7-sky
replaced:
pty "pptp vpn.7-sky.info --nolaunchpppd"
to
pty "pptp vpn.7-sky.info --nolaunchpppd --loglevel 0"

[solved] (by half)

As I understood it's a bug of pptp client under linux. work with automtu functions etc. also a static mtu value in the options.pptp isn't good way.
it's bug because if I change tunnel file (loglevel 0) so pptp client anyway can't hold a speed of connect as it does windows/mac os x or l2tp client under any OS.

my max speed under win7 - ~6 MBps (watching about a week. utorrent, download master. any hosts)
under Linux - ~3 MBps (watching about a week. ktorrent, wget, lftp with pget options - multitread downloading. any hosts)

apparently pptp linux client drops packets anyway.

Last edited by veranyon (2010-02-16 01:32:20)

Arch Linux

#1 2009-07-10 11:40:05

syslog_ng and spam filtering [SOLVED(workaround - not full decision)]

#2 2009-07-10 19:11:18

Re: syslog_ng and spam filtering [SOLVED(workaround - not full decision)]

#3 2009-07-11 00:52:13

Re: syslog_ng and spam filtering [SOLVED(workaround - not full decision)]

#4 2009-07-12 19:42:26

Re: syslog_ng and spam filtering [SOLVED(workaround - not full decision)]

#5 2010-02-16 01:19:00

Re: syslog_ng and spam filtering [SOLVED(workaround - not full decision)]

Board footer