<p dir="ltr">Hi,</p>
<p dir="ltr">Sure. It seems you are using no-parse on the server side, which puts the entire syslog record with headers and stuff into $MSG.</p>
<p dir="ltr">If you transfer messages with the syslog() driver, you need a matching syslog() source on the other side. Then if you only want the MSG in your log file, just use a template("$MSG") on the server side.</p>
<p dir="ltr">You can configure various things at reception in syslog-ng, and you need to decide what options to use at each of the hops the message is traveling:</p>
<p dir="ltr">1. Application to syslog-ng on the client: in your sample it was the normal syslog API</p>
<p dir="ltr">2. Syslog-ng to syslog-ng: your sample was rfc5424, receiving via a no-parse network destination.</p>
<p dir="ltr">3. When syslog-ng writes the file to disk.</p>
<p dir="ltr">With syslog-ng you can customize how to send stuff but also how to parse it.</p>
<p dir="ltr">The easiest use case to get literal messages transferred to the server side:</p>
<p dir="ltr">* app writing messages to a file/named pipe<br>
* syslog-ng reading this via flags(no-parse)<br>
* transferring messages using any of the transport options (syslog, network) to a dedicated port (e.g. one which is not merged with normal syslog)<br>
* on the server side, write these to a file with template("$MSG\n")</p>
<p dir="ltr">There are other ways for sure (for instance instead of a dedicated port you could use filtering on the server if you can identify these messages easily).<br></p>
<p dir="ltr">Hope this helps.<br>
Bazsi</p>
<p dir="ltr">On Sep 6, 2014 11:06 PM, "Michael Yacc" <<a href="mailto:yuolvka@gmail.com">yuolvka@gmail.com</a>> wrote:<br>
><br>
> Dear all,<br>
> I'm trying to configure syslog-ng as relay/proxy server. Seems to be simple, but syslog server receives encapsulated original syslog messages within outgoing "syslog-relay" messages.<br>
> Is there any way to configure syslog-ng (relay) to just forward original messages to syslog server?<br>
><br>
> Syslog-ng version used: 3.3.9<br>
><br>
> syslog-client$ logger "hello from syslog client"<br>
><br>
> on syslog-relay I added the following configuration:<br>
>><br>
>> ######## sources ###############<br>
>> source s_relay_port {<br>
>> udp(ip(0.0.0.0) port(514));<br>
>> };<br>
>><br>
>> ######## destinations ###############<br>
>> destination d_syslog_server {<br>
>> syslog("syslog-server" transport("udp") port(514));<br>
>> };<br>
>><br>
>> ######## logging ###############<br>
>> log {<br>
>> source(s_relay_port);<br>
>> destination(d_syslog_server);<br>
>> };<br>
><br>
><br>
> syslog-server$ tail -F /var/log/syslog <br>
>>><br>
>>> Sep 6 23:53:28 syslog-relay-ip 1 2014-09-06T23:53:28+03:00 syslog-client-ip 1 - - - 2014-09-06T23:53:28+03:00 syslog-client-hostname root - - [meta sequenceId="38"] hello from syslog client<br>
>><br>
>><br>
> With best regards,<br>
> Michael Yacc<br>
</p>
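<p dir="ltr">The literal-transfer setup listed in the reply above, written out as an added example (it is not part of the original thread and is not the syslog-ng project's own sample configuration). The file paths, the TCP transport and port 5140 are assumptions chosen for illustration; the two halves belong in separate syslog-ng.conf files on the sending and receiving hosts.</p>

```conf
# ---- sending host: syslog-ng.conf (constructed example) ----
@version: 3.3

# The application appends raw lines to this file (assumed path).
# flags(no-parse) stores each line unchanged in $MSG instead of
# trying to interpret it as a syslog record.
source s_app_raw {
    file("/var/log/app/raw.log" flags(no-parse));
};

# syslog() destination: needs a matching syslog() source on the receiver.
# Port 5140 is an assumed dedicated port, kept apart from normal syslog
# traffic on 514 so literal lines are not mixed with parsed records.
destination d_server_raw {
    syslog("syslog-server" transport("tcp") port(5140));
};

log {
    source(s_app_raw);
    destination(d_server_raw);
};

# ---- receiving host: syslog-ng.conf (constructed example) ----
@version: 3.3

# Matching syslog() source on the dedicated port. It parses the framing
# added by the sender, so $MSG again holds only the application's line.
source s_raw_in {
    syslog(ip(0.0.0.0) transport("tcp") port(5140));
};

# Write only the message body, one line per record, with no
# timestamp or host header prepended.
destination d_raw_file {
    file("/var/log/remote/app-raw.log" template("$MSG\n"));
};

log {
    source(s_raw_in);
    destination(d_raw_file);
};
```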