[syslog-ng]Syslog-ng adds unwanted entries to my logs...
Gregor Binder
gbinder@sysfive.com
Tue, 19 Dec 2000 16:44:26 +0100
--u3/rZRmxL6MmkK24
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Matt Mencel on Tue, Dec 19, 2000 at 08:55:23AM -0600:
Hi,
> Dec 19 08:22:28 otherserver root: www.somewebpage.com 123.123.123.123 - -
> [19/Dec/2000:08:22:28 -0600] "GET /index.html HTTP/1.1" 200 2026
> http://www.somewebpage.com/ "Mozilla/4.0 (compatible; MSIE 5.0; Windows 9=
8;
> DigExt)"
I don't think you can fix this on the syslog-ng side. I have two
ideas:
1. use a program() destination:
destination d_ftplog {
program("sed -e 's/^\([A-Za-z0-9:]* \)\{5\}//' > my_logfile");
}
This is untested and will put some extra load on your log-box ...
2. tweak your analysis software to ignore the other fields. Shouldn't
be too hard, especially if it's perl, and you wont have much extra
load, since the tool needs to parse the whole string somewhere
anyways.
Hope this helps,
Gregor.
--=20
Gregor Binder <gbinder@sysfive.com> http://www.sysfive.com/~gbinder/
sysfive.com GmbH UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany TEL +49-40-63647482
--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (SSF/Unix)
Comment: For info see http://www.sysfive.com/
iD8DBQE6P4JasSgBwCDG2lURAoQXAKCyQVtG9b69IHd90CI3iZ1fdyEStgCfYixs
NoVXlDr1D2lWCFJl/6n3GIU=
=HWT0
-----END PGP SIGNATURE-----
--u3/rZRmxL6MmkK24--