[syslog-ng] syslog-ng MSGHDR

Balazs Scheidler bazsi at balabit.hu
Sat Feb 6 16:58:19 CET 2010


On Fri, 2010-01-22 at 16:35 +0100, Mij wrote:
> On Jan 22, 2010, at 11:25 , Balazs Scheidler wrote:
> 
> >> Can you clarify what is the intended template for producing entry tags
> >> of the classic format "Jan 21 12:54:09 examplehost proftpd[18965]: applmsg"
> >> in the different versions?
> > 
> > Can you show the user posting that states MSGHDR is the wrong approach
> > to do? I might be able to help troubleshooting it.
> 
> 
> Sure. Confront:
> 
> http://sourceforge.net/mailarchive/forum.php?thread_name=EE040D72-0185-41EB-BECE-DED8C0272EDB%40sshguard.net&forum_name=sshguard-users
> http://sourceforge.net/mailarchive/forum.php?thread_name=DA2160C1-09A0-475D-B32A-AF10B712E403%40sshguard.net&forum_name=sshguard-users
> 
> with:
> 
> http://sourceforge.net/mailarchive/forum.php?thread_name=C5633AC6-CD8F-451F-B301-D0FDC5130AB1%40sshguard.net&forum_name=sshguard-users
> http://sourceforge.net/mailarchive/forum.php?thread_name=8cb75a4a1001210418g30d0968ck79e8a4d1a6808bba%40mail.gmail.com&forum_name=sshguard-users
> 
> Notice the double "proftpd[25517]: proftpd[25517]:" occurrence when prepending $MSGHDR .
> 

I can't post there via the webpage, but the problem is most probably a
missing "@version: 3.0" line in the configuration. Without that,
syslog-ng 3.0 is operating in 2.x compatible mode.

However the posts there didn't include a complete configuration file,
but I guess this is the root cause of the problem.

Also, the missing @version directive is logged as a warning at syslog-ng
startup.


-- 
Bazsi
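
The diagnosis in the message above can be checked mechanically. The following is an added example, not part of the original post or of syslog-ng: it looks for an `@version` line in a configuration and flags log lines carrying the doubled `proftpd[25517]: proftpd[25517]:` header. The function names, the sample configuration (including its template string and file path) and the sample log lines are constructed for illustration.

```python
import re

# "@version: 3.0" style line, alone on its line.
VERSION_RE = re.compile(r"^\s*@version:\s*(\d+\.\d+)\s*$")
# A "prog[pid]: " header immediately repeated, e.g.
# "proftpd[25517]: proftpd[25517]: ".
DOUBLED_RE = re.compile(
    r"(?:^|\s)(?P<tag>[^\s:\[\]]+(?:\[\d+\])?): (?P=tag): "
)

def declared_version(config_text):
    """Return the version named by @version, or None if the line is missing."""
    for line in config_text.splitlines():
        if line.strip().startswith("#"):
            continue  # skip comment lines
        match = VERSION_RE.match(line)
        if match:
            return match.group(1)
    return None

def doubled_headers(lines):
    """Return (line_number, tag) for each line whose program header repeats."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = DOUBLED_RE.search(line)
        if match:
            hits.append((number, match.group("tag")))
    return hits

# Constructed sample configuration without an @version line (assumption:
# a template that prepends $MSGHDR, as discussed in the thread).
CONFIG_WITHOUT_VERSION = r"""
# constructed sample, not a complete configuration
destination d_auth {
    file("/var/log/auth.log" template("$DATE $HOST $MSGHDR$MSG\n"));
};
"""
CONFIG_WITH_VERSION = "@version: 3.0\n" + CONFIG_WITHOUT_VERSION

# Constructed sample log lines in the classic format quoted in the thread.
SAMPLE_LINES = [
    "Jan 21 12:54:09 examplehost proftpd[18965]: applmsg",
    "Jan 21 12:54:10 examplehost proftpd[25517]: proftpd[25517]: applmsg",
]

if __name__ == "__main__":
    print("declared version:", declared_version(CONFIG_WITHOUT_VERSION))
    print("doubled headers:", doubled_headers(SAMPLE_LINES))
```

Running the log check against a sample of the output file is useful before pointing a log-parsing tool such as sshguard at it, since a repeated header changes the line format that tool expects.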
