<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18939"></HEAD>
<BODY>
<DIV><FONT size=2 face="Courier New"><SPAN class=256260021-06102010>I have the
latest syslog-ng on an openSUSE 11.2 acting as a syslog server and it is working
well except for one thing - the Windows event logs that are being sent with the
Datagram Syslog Agent contain a space that causes issues. Initially, all of
these were going into /var/log/messages until I added the keep_hostname(yes)
argument. </SPAN></FONT></DIV>
<DIV><FONT size=2 face="Courier New"><SPAN
class=256260021-06102010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face="Courier New"><SPAN class=256260021-06102010>After doing
that, it now puts the Windows logs into the appropriate folder under
/var/log/hosts/ but it still puts a copy into the /var/log/messages file. I
would like to have that log only contain log messages from
openSUSE.</SPAN></FONT></DIV>
<DIV><FONT size=2 face="Courier New"><SPAN
class=256260021-06102010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face="Courier New"><SPAN class=256260021-06102010>Is there a
configuration setting I am missing, or is this caused by the fact that the
syslog agent does not correct the eventlog message so that it adheres to the
standard syslog message format? If the latter, does anyone know of an open
source/free agent that does this?</SPAN></FONT></DIV>
<DIV><FONT size=2 face="Courier New"><SPAN
class=256260021-06102010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face="Courier New"><SPAN class=256260021-06102010>An example
of one of the problematic messages is:</SPAN></FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2 face="Courier New">Oct 6 11:02:08 cli-fs-1
security[success] 576 NT AUTHORITY\SYSTEM Special privileges assigned to new
logon: User Name:CLI-FS-1$ Domain:<SPAN
class=256260021-06102010>(obscured)</SPAN> Logon ID:(0x0,0x11331C8)</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><SPAN class=256260021-06102010><FONT size=2
face="Courier New">Thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=256260021-06102010><FONT size=2
face="Courier New"></FONT></SPAN> </DIV>
<DIV align=left><FONT size=2 face="Courier New">Jerry Riedel</FONT></DIV>
</BODY></HTML>