[syslog-ng] Win syslog-agent PRI

[Ting Feng]

Hi Admin,

Please unsubscribe fengtingting2001 at gmail.com

Thanks,
Tina

On 1/28/08, Balazs Scheidler <bazsi at balabit.hu> wrote:
>
> On Mon, 2008-01-28 at 11:54 +0000, Tiago Gomes da Silva Mendo wrote:
> > >On Mon, 2008-01-28 at 11:05 +0000, Tiago Gomes da Silva Mendo wrote:
> > >> Hi,
> > >>
> > >>
> > >>
> > >> I have syslog-ng-premium-edition (2.1.8) on an Debian etch and
> > >> multiple linuxs sending syslog messages to this server, using
> > >> diferents PRIs.
> > >>
> > >> The problem is with the windows agent (2.1.4). In the windows agent I
> > >> have an message format like this: "<182>$DATE $HOST $EVENT_SOURCE:
> > >> $MSG", but at the server the received PRI is not 182.
> > >>
> > >> At the server I get messages with the correct PRI when the syslog-ng
> > >> agent is restarted:
> > >>
> > >>
> > >>
> > >> "Jan 28 10:57:41 10.176.25.108 LogRelay: Application started", with
> > >> local6 and info, but every message I send through syslog-ng agent
> > >> arrives at the server with user/notice (PRI 13).
> > >
> > >Are you reading messages from files or you are sending out the EventLog
> > >records?
> > >
> > >If my assumption is true, then the difference between the LogRelay entry
> > >and the other messages is that the LogRelay entry is coming from the
> > >EventLog, and the others come from files, right?
> > >
> > >I ask my collegue to look into this.
> > >
>
> I've talked to my collegue, and as it seems the 2.1.x version of the
> agent does not support templates for lines coming from file sources.
>
> However the upcoming 2.2 version already does, but it's not ready for
> public consumption yet.
>
> --
> Bazsi
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>