<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>RE : [syslog-ng] Removing Prefixes from Syslog-ng Messages</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Syslog-ng does not understand your header (that you call a prefix) so it thinks your message is headerless. As a syslog relay, according to RFCs, syslog-ng has to add its own header.<BR>
<BR>
So your application is sending a header with a wrong format. What's wrong is that you have both the hostname and the IP addresse of your source. Your problem seems somewhat similar to mine : <A HREF="https://bugzilla.balabit.com/show_bug.cgi?id=40">https://bugzilla.balabit.com/show_bug.cgi?id=40</A><BR>
<BR>
I think syslog-ng should be more flexible about acceptable headers : you should be able to tell syslog-ng which format your header is expected to be.<BR>
<BR>
<BR>
-------- Message d'origine--------<BR>
De: syslog-ng-bounces@lists.balabit.hu de la part de adam.j.brendamour@accenture.com<BR>
Date: jeu. 16/04/2009 18:39<BR>
À: syslog-ng@lists.balabit.hu<BR>
Objet : [syslog-ng] Removing Prefixes from Syslog-ng Messages<BR>
<BR>
Hello all,<BR>
<BR>
<BR>
<BR>
I am having issues with syslog-ng adding prefixes to my messages. I<BR>
currently have a syslog-ng agent sending messages from a log source to a<BR>
syslog-ng central server. I am then sending the messages from the<BR>
central server to a 3rd party event management program. Is there a way<BR>
to forward an unchanged syslog-ng message from the relay server?<BR>
<BR>
<BR>
<BR>
For example:<BR>
<BR>
Message arriving from source: <BR>
<BR>
Apr 16 09:31:07 psrdev47 10.56.9.12 - - [16/Apr/2009:09:31:02 -0700]<BR>
"GET / HTTP/1.1" 302 427 "-" "-"<BR>
<BR>
Message being forwarded from server: <BR>
<BR>
Apr 16 09:31:07 10.56.2.77 125 <0>1 2009-04-16T09:31:02-07:00 psrdev47 -<BR>
- - - 10.56.9.12 - - [16/Apr/2009:09:31:02 -0700] "GET / HTTP/1.1" 302<BR>
427 "-" "-"<BR>
<BR>
<BR>
<BR>
How can I configure the syslog-ng server to relay this unchanged message<BR>
to our destination?<BR>
<BR>
Apr 16 09:31:07 psrdev47 10.56.9.12 - - [16/Apr/2009:09:31:02 -0700]<BR>
"GET / HTTP/1.1" 302 427 "-" "-"<BR>
<BR>
<BR>
<BR>
Thanks for your help!<BR>
<BR>
<BR>
<BR>
Regards,<BR>
<BR>
Adam<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>