Guest
2005-05-26T18:46:53Z
Date: Thu, 26 May 2005 17:46:53 +0200

Hi!

I am trying to set up logging from ntsyslog via network
to sl4nt 3.2 and then into a PostgreSQL database via ODBC.

Records are inserted but (sic!) all fields except
portsource/portdestination are filled with the current date!
In the file log the fields are OK:

2005-05-26,17:20:55,10.10.10.10,STONEHENGE,USER,ALERT,May 26 17:20:32
service control manager[info] 7035 STONEHENGE\saphire Do usługi NTsyslog
został pomyślnie wysłany kod sterowania zatrzymaj.

2005-05-26,17:20:55,10.10.10.10,STONEHENGE,USER,ALERT,May 26 17:20:51
service control manager[info] 7036 Usługa NTsyslog weszła w stan zatrzymania.

Here is an example from the database:
(the last field is a serial autoincrement)

"2005-05-26 17:20:55.81+02";"2005-05-26 15:20:55.81+02";"2005-05-26
00:00:00";"2005-05-26 00:00:00";"2005-05-26 00:00:00";"2005-05-26
00:00:00";"1048";"2005-05-26 00:00:00";"514";"2005-05-26
00:00:00";"1";"2005-05-26 00:00:00";"1";"2005-05-26 00:00:00";"28"

"2005-05-26 17:20:57.392+02";"2005-05-26 15:20:57.392+02";"2005-05-26
00:00:00";"2005-05-26 00:00:00";"2005-05-26 00:00:00";"2005-05-26
00:00:00";"1049";"2005-05-26 00:00:00";"514";"2005-05-26
00:00:00";"1";"2005-05-26 00:00:00";"1";"2005-05-26 00:00:00";"29"

Here is the PostgreSQL table structure. I had to expand the varchar fields
because the inserted values (dates even for the IP address fields) didn't
fit, raising a database error:

CREATE TABLE syslog
(
datetimelocal timestamptz,
datetimeutc timestamptz,
datetimerfc822local varchar(19),
datetimerfc822utc varchar(19),
ipaddresssource varchar(19),
hostnamesource varchar(255),
portsource int4,
ipaddressdestination varchar(19),
portdestination int4,
facility varchar(19),
facilitycode int4,
priority varchar(19),
prioritycode int4,
messagetext varchar(255),
id serial NOT NULL,
CONSTRAINT id_pk PRIMARY KEY (id)
)

I also debugged the PostgreSQL ODBC driver, and it seems that the ODBC driver
gets those strange values on input:

conn=13579752, query='insert into
syslog(datetimelocal,datetimeutc,datetimerfc822local,datetimerfc822utc,ipaddresssource,hostnamesource,portsource,ipaddressdestination,portdestination,facility,facilitycode,priority,prioritycode,messagetext)
values('2005-05-26 17:41:25.788'::timestamp,'2005-05-26
15:41:25.788'::timestamp,'2005-05-26 00:00:00','2005-05-26
00:00:00','2005-05-26 00:00:00','2005-05-26 00:00:00',1078,'2005-05-26
00:00:00',514,'2005-05-26 00:00:00',1,'2005-05-26 00:00:00',1,'2005-05-26
00:00:00')'

conn=13579752, query='insert into
syslog(datetimelocal,datetimeutc,datetimerfc822local,datetimerfc822utc,ipaddresssource,hostnamesource,portsource,ipaddressdestination,portdestination,facility,facilitycode,priority,prioritycode,messagetext)
values('2005-05-26 17:41:25.798'::timestamp,'2005-05-26
15:41:25.798'::timestamp,'2005-05-26 00:00:00','2005-05-26
00:00:00','2005-05-26 00:00:00','2005-05-26 00:00:00',1079,'2005-05-26
00:00:00',514,'2005-05-26 00:00:00',1,'2005-05-26 00:00:00',1,'2005-05-26
00:00:00')'

What about that?

--
..---------- -------- ------ ---- ---- --- - -- -
| Bartek `saphire` Siebab http://bartek.siebab.net 
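
An added example, not part of the original thread: a check that reads an ODBC trace statement in the shape quoted above and reports every non-date column whose bound value is a bare midnight date, the symptom described in this post. The sample line is constructed from the post's trace (re-joined onto one line); the function names and the rule that columns starting with `datetime` are exempt are assumptions.

```python
import re

# Constructed sample: one statement in the shape of the ODBC trace quoted in
# the post, re-joined onto a single line.
SAMPLE_TRACE = (
    "conn=13579752, query='insert into syslog(datetimelocal,datetimeutc,"
    "datetimerfc822local,datetimerfc822utc,ipaddresssource,hostnamesource,"
    "portsource,ipaddressdestination,portdestination,facility,facilitycode,"
    "priority,prioritycode,messagetext) values("
    "'2005-05-26 17:41:25.788'::timestamp,'2005-05-26 15:41:25.788'::timestamp,"
    "'2005-05-26 00:00:00','2005-05-26 00:00:00','2005-05-26 00:00:00',"
    "'2005-05-26 00:00:00',1078,'2005-05-26 00:00:00',514,"
    "'2005-05-26 00:00:00',1,'2005-05-26 00:00:00',1,'2005-05-26 00:00:00')'"
)

INSERT_RE = re.compile(
    r"insert into\s+\w+\s*\(([^)]*)\)\s*values\s*\((.*)\)", re.I | re.S)
MIDNIGHT_DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2} 00:00:00")

def split_values(values):
    """Split a VALUES list on commas that sit outside quoted literals."""
    parts, buf, in_quote = [], [], False
    for ch in values:
        if ch == "'":
            in_quote = not in_quote  # a doubled '' inside a literal toggles twice
        if ch == "," and not in_quote:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts

def literal(value):
    """Drop a trailing ::type cast and the quotes around a string literal."""
    value = re.sub(r"::\w+$", "", value)
    if len(value) >= 2 and value[0] == value[-1] == "'":
        value = value[1:-1].replace("''", "'")
    return value

def suspicious_columns(trace_line):
    """Return non-date columns whose bound value is a bare midnight date."""
    m = INSERT_RE.search(trace_line)
    if not m:
        return []
    columns = [c.strip() for c in m.group(1).split(",")]
    values = [literal(v) for v in split_values(m.group(2))]
    if len(columns) != len(values):
        raise ValueError("column/value count mismatch")
    return [c for c, v in zip(columns, values)
            if not c.startswith("datetime") and MIDNIGHT_DATE_RE.fullmatch(v)]
```

Run over a saved driver trace, a non-empty result for any statement means the stored syslog rows for that period cannot be trusted for source address, host, facility, priority or message text.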
Guest
2005-05-30T14:59:17Z
Date: Mon, 30 May 2005 13:59:17 +0200

Hello Bartek,

I sent you a modified version of the sl4ntdb.dll to perform diagnostic
logging per personal e-mail.

Franz

Guest
2005-05-30T20:44:33Z
Date: Mon, 30 May 2005 19:44:33 +0200

Hello Bartek,

your problem is caused by a bug in the PostgreSQL ODBC driver.

See: http://gborg.postgresql..../bugs/bugupdate.php?1276 

Regards,
Franz

Guest
2005-05-30T22:23:48Z
Date: Mon, 30 May 2005 21:23:48 +0200

Thomas Zechner wrote on 2005-05-30 19:44:
> Hello Bartek,
>
> your problem is caused by a bug in the PostgreSQL ODBC driver.
>
> See: http://gborg.postgresql..../bugs/bugupdate.php?1276 

Thanks a lot, I will ask the PostgreSQL ODBC maintainer to publish
a compiled ODBC driver snapshot with the patch on that page.

--
..---------- -------- ------ ---- ---- --- - -- -
| Bartek `saphire` Siebab http://bartek.siebab.net