[syslog-ng] syslog-ng MSGHDR

Balazs Scheidler bazsi at balabit.hu
Fri Jan 22 11:25:18 CET 2010


On Fri, 2010-01-22 at 09:43 +0100, Mij wrote:
> Dear syslog-ng folks,
> 
> I am the maintainer of sshguard, see http://www.sshguard.net .
> Sshguard can be interfaced with syslog-ng. Multiple users of syslog-ng
> recently reported that switching to 3.x required a configuration change
> for preserving the original logging format, see
> 
> https://sourceforge.net/mailarchive/forum.php?thread_name=EE040D72-0185-41EB-BECE-DED8C0272EDB%40sshguard.net&forum_name=sshguard-users
> https://sourceforge.net/mailarchive/forum.php?thread_name=DA2160C1-09A0-475D-B32A-AF10B712E403%40sshguard.net&forum_name=sshguard-users
> 
> We reflected the reports by updating the setup docs to contain a block
> for the 2.x version and one for 3.x , see
> 
> http://www.sshguard.net/docs/setup/getlogs/syslog-ng/
> 
> However, this change is not apparent in your documentation or changelogs,
> and other users reported that with even more recent versions, the "old format"
> is again the correct one.

syslog-ng can operate in both 2.x compatible mode and 3.x compatible
mode. The '@version' header in the syslog-ng configuration file controls
which one is used.

If someone has no version header, syslog-ng assumes it wants syslog-ng
2.x compatibility.

There were no macro-related changes in the 3.0 series, and the
format with the MSGHDR is still the correct one.

> 
> Can you clarify what is the intended template for producing entry tags
> of the classic format "Jan 21 12:54:09 examplehost proftpd[18965]: applmsg"
> in the different versions?

Can you show the user posting that states MSGHDR is the wrong
approach? I might be able to help troubleshoot it.

-- 
Bazsi
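
Added example, not part of the original message or of the syslog-ng or sshguard documentation: a configuration in 3.x mode that emits the classic "Jan 21 12:54:09 examplehost proftpd[18965]: applmsg" layout using the MSGHDR form the reply confirms. The object names (s_local, t_classic, f_auth, d_sshguard), the /dev/log source and the sshguard path are assumptions to adapt to the local system.

```conf
# The version header selects the mode. Without this line syslog-ng
# assumes 2.x compatibility, as the reply above explains.
@version: 3.0

# Assumed local source; adjust for the platform.
source s_local {
    unix-stream("/dev/log");
    internal();
};

# In 3.x mode $MSG is only the message text. The "program[pid]: " tag
# (with its trailing space) comes from $MSGHDR, so the two macros are
# written back to back. A 3.x template of "$DATE $HOST $MSG\n" would
# drop the tag that log parsers such as sshguard match on.
template t_classic {
    template("$DATE $HOST $MSGHDR$MSG\n");
    template_escape(no);
};

# Only authentication messages are forwarded.
filter f_auth {
    facility(auth, authpriv);
};

# Assumed install path for sshguard; it reads the formatted lines on stdin.
destination d_sshguard {
    program("/usr/local/sbin/sshguard" template(t_classic));
};

log {
    source(s_local);
    filter(f_auth);
    destination(d_sshguard);
};
```

Pointing the same template at a file() destination first makes it easy to confirm that each line carries the "program[pid]: " tag before sshguard depends on it.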
