[syslog-ng]UDP Template

Gianpiero Porchia syslog-ng@lists.balabit.hu
Thu, 25 Sep 2003 18:41:18 +0200 

Hi,

I would like to do log relaying, using syslog-ng.
But I need to change the log format.
The problem is that the "template" directive is not available for the udp
destination (even for the tcp destination).

Could you suggest me some work around to do that?

Thanks in advance.

- gian

P.S I've thought on a work around, but it doesn't work fine.

Hence the "template" directive is available for the pipes, I've used a pipe
destination to send the logs.
Then, I'm using the same pipe, as source, and I'm relaying the logs from it,
to another log server.
But syslog-ng thinks that the logs are coming from the server, and I get the
following (ie, it uses the standard log format, after the pipe):

Message Before the pipe
--------------------
[X.Y.Z.K] ufs: [ID 213553 kern.notice] NOTICE: realloccg /u00: file system
full

Message After the pipe
---------------------
Sep 25 18:12:11 Figth_cluB_01 [X.Y.Z.K] ufs: [ID 213553 kern.notice] NOTICE:
realloccg /u00: file system full


I'm using this configuration:

# CONF #############################################
source s_net {
  udp();
};

source s_pipe_per_NI {
        pipe(/var/chroot/syslog-ng/dev/pipe_per_NI);
};

destination relay_to_NI {
        udp("A.B.C.D"
        );
};

destination d_pipe_per_NI {
        pipe("/dev/pipe_per_NI"
                template("[$HOST] $MSG\n")
        );
};

log {
  	source(s_net);
  	destination(d_pipe_per_NI);
	# Here, I can apply the template
};

log {
        source(s_pipe_per_NI);
  	  destination(relay_to_NI);
	  # Here, syslog-ng applies the standard log format :(
};

# END CONF #############################################




_____

Ing. Gianpiero Porchia
Security Engineer

ATS - Advanced Telecom Systems
Designing, Testing, Managing Network Quality

Via Salgari, 17 - 41100 Modena - ITALY
Tel   +39 059 821332
Fax  +39 059 821492
Cel   +39 335 330413
E-mail: gianpiero.porchia@atsweb.it
messenger.msn.com: http://messenger.msn.com/, gianpiero.porchia@atsweb.it
Web site: http://www.atsweb.it

PGP Key ID: 0xCAE064A4 (pgpkeys.mit.edu:11371)
Fingerprint: 080D AD88 C18A FCA3 91BC  0DF2 F05F 7489 CAE0 64A4