<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000066">
<div class="moz-signature">
<div dir="ltr" align="left"><tt><font color="#000066"><span
class="881213810-08112007">Hi,<br>
<br>
I am trying to setup a syslog-ng architecture with a relay.<br>
<br>
Here is an example : <br>
<br>
Linux Host1 logs messages to syslog with facility user.info <br>
<br>
on Host1, syslog-ng is set up to forward these messages (with a filter
based on the facility) to Host2 via UDP<br>
<br>
Linux Host2(log collector)'s syslog-ng is configured to listen for
incoming udp packets, and forward them to a Windows Host3 after
changing the message's format thanks to a template (add the Source IP
at the beginning of the message)<br>
<br>
Windows Host3 processes the incoming udp messages.<br>
<br>
<br>
I have managed to make it work, that is, messages generated on Host1
with the logger command are successfully received on Host3.
Nevertheless, it looks like all the messages reaching my Host3 have the
facility/priority User.notice, instead of the original one.<br>
<br>
Here are some parts of my configuration :<br>
-------on Host1:<br>
<br>
</span>#filter for user facility - for tests<br>
filter f_user {facility(user); };<br>
<br>
destination host2 {udp("IP.Address.of.Host2");};<br>
log{ source(src); filter(f_user);destination( host2 );<br>
};<br>
<br>
------on Host2<br>
# syslog full redirection to Thibaud's machine<br>
destination host3 { udp("IP.ADDRESSE:OF:HOST" template("$SOURCEIP
$MSG\n")); };<br>
<br>
source s_udp {udp();};<br>
<br>
log { source(s_udp); destination ( host3 ); };<br>
<br>
<br>
I generate messages on host1 with the command logger -p user.warning
"message warning test"<br>
<br>
Is there anything I am doing wrong? Could changing the template make
the message lose information about Facility and Level?<br>
<br>
Thanks in advance<br>
</font><font color="#000066"><span class="881213810-08112007"><br>
<br>
</span></font></tt></div>
</div>
</body>
</html>