<div dir="ltr"><div><div>For one, I think you were sending your log messages not to an RFC5424 capable source, you need to use the syslog() driver, for example:<br><br></div>source src { <br></div> syslog(transport(udp));<br><div>};<br><br><br></div><div>There are other transports available (like tcp or tls). The NIL value at the date position seems to be supported, but I am not sure which version added this. I've checked out the current master.<br><br></div><div>But I think what you are after is the "no-parse" flag.<br><br></div><div>source src {<br></div><div> tcp(flags(no-parse));<br></div><div>};<br><br></div><div>This means that the entire line received is stuffed into the $MSG name-value pair.<br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Fri, Sep 23, 2016 at 11:28 AM, Csuti Istvan <span dir="ltr"><<a href="mailto:icsuti@zalaszam.hu" target="_blank">icsuti@zalaszam.hu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi All!<br>
<br>
The solution is:<br>
Use old RFC3164 message syntax without timestamp:<br>
The UDP message is:<br>
"<prio>procname[procid]: LogMessage"<br>
<br>
prio: byte 0-191 (See more information in RFC3164
<a href="https://www.ietf.org/rfc/rfc3164.txt" target="_blank">https://www.ietf.org/rfc/<wbr>rfc3164.txt</a>)<br>
procname: string (max length 48 character)<br>
procid: number (Max length 128 character)<br>
Full UDP message length 1024 character<br>
<br>
Best regards<span class=""><br>
<br>
2016.09.22. 10:55 keltezéssel, Fekete, Róbert írta:<br>
</span></div>
<blockquote type="cite"><span class="">
<pre>I see. Then the easiest is probably to not bother with the timestamp on the
sender (arduino) side, and set the keep-timestamp(no) option on the server
side.
On Wed, Sep 21, 2016 at 9:41 PM, Csuti Istvan <a href="mailto:icsuti@zalaszam.hu" target="_blank"><icsuti@zalaszam.hu></a> wrote:
</pre>
</span><blockquote type="cite">
<pre>Hi!
I write a program on arduino embended system.
This device do not have Real Time Clock.
I sended UDP syslog datagram from this device.
2016.09.21. 20:19 keltezéssel, Fekete, Róbert írta:
Hi,
The easiest way to drop the timestamp is on the syslog-ng server side,
where you write the message into a file. There you can use a template,
something like the one below. But why do you want to send a message without
a timestamp?
destination d_file {
file ("/var/log/messages" template("${MSG}\n") );};
On Wed, Sep 21, 2016 at 7:41 PM, Csuti Istvan <a href="mailto:icsuti@zalaszam.hu" target="_blank"><icsuti@zalaszam.hu></a> <a href="mailto:icsuti@zalaszam.hu" target="_blank"><icsuti@zalaszam.hu></a> wrote:
Hi All!
I would like send UDP message to the syslog server without timestamp.
I readed RFC3164 and RFC5424 and syslog-ng-ose-guide-admin.pdf.
The new "RFC 5424 (also called the IETF-syslog protocol): see Section
2.8.2,
IETF-syslog messages (p. 13)" support NIL values "-" in HEADER.
I sended this "<110>1 - hostname procname procid - - Message"
The syslog-ng server logged this:
"Sep 21 19:29:54 h164-19 1: - hostname procname procid - - Message"
Question:
What is wrong in my message string?
The syslog-ng server why do not decode "1" after ">" as version?
Can i send old syslog message (RFC3164) without timestamp?
Best Regards
Istvan Csuti
______________________________<wbr>______________________________
__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><div><div class="h5">
Documentation: <a href="http://www.balabit.com/support/documentation/" target="_blank">http://www.balabit.com/<wbr>support/documentation/</a>?
product=syslog-ng
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a>
Hi,
The easiest way to drop the timestamp is on the syslog-ng server side,
where you write the message into a file. There you can use a template,
something like the one below. But why do you want to send a message without
a timestamp?
destination d_file {
file ("/var/log/messages" template("${MSG}\n") );};
On Wed, Sep 21, 2016 at 7:41 PM, Csuti Istvan <a href="mailto:icsuti@zalaszam.hu" target="_blank"><icsuti@zalaszam.hu></a> wrote:
</div></div></pre><div><div class="h5">
<blockquote type="cite">
<pre>Hi All!
I would like send UDP message to the syslog server without timestamp.
I readed RFC3164 and RFC5424 and syslog-ng-ose-guide-admin.pdf.
The new "RFC 5424 (also called the IETF-syslog protocol): see Section
2.8.2,
IETF-syslog messages (p. 13)" support NIL values "-" in HEADER.
I sended this "<110>1 - hostname procname procid - - Message"
The syslog-ng server logged this:
"Sep 21 19:29:54 h164-19 1: - hostname procname procid - - Message"
Question:
What is wrong in my message string?
The syslog-ng server why do not decode "1" after ">" as version?
Can i send old syslog message (RFC3164) without timestamp?
Best Regards
Istvan Csuti
______________________________<wbr>______________________________
__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=</a>
syslog-ng
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a>
</pre>
</blockquote>
</div></div><pre>
______________________________<wbr>______________________________<wbr>__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><span class="">
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a>
--
Csuti István
rendszergazda
______________________________<wbr></span>____________________
Zalaszám Informatika Kft.
8900 Zalaegerszeg, Mártírok útja 53.
Telefon: <a href="tel:92%2F502-593" value="+3692502593" target="_blank">92/502-593</a>
Fax: <a href="tel:92%2F502-501" value="+3692502501" target="_blank">92/502-501</a>
e-mail: <a href="mailto:icsuti@zalaszam.hu" target="_blank">icsuti@zalaszam.hu</a> <a href="mailto:%0Aicsuti@zalaszam.hu%09%09%09" target="_blank"><%0Aicsuti@zalaszam.hu%09%09%<wbr>09></a>
web: <a href="http://www.zalaszam.hu" target="_blank">www.zalaszam.hu</a><div><div class="h5">
______________________________<wbr>______________________________
__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/" target="_blank">http://www.balabit.com/<wbr>support/documentation/</a>?
product=syslog-ng
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a>
</div></div></pre><div><div class="h5">
<br>
<fieldset></fieldset>
<br>
<div dir="ltr">I see. Then the easiest is probably to not bother
with the timestamp on the sender (arduino) side, and set the
keep-timestamp(no) option on the server side.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Sep 21, 2016 at 9:41 PM,
Csuti Istvan <span dir="ltr"><<a href="mailto:icsuti@zalaszam.hu" target="_blank">icsuti@zalaszam.hu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi!<br>
<br>
I write a program on arduino embended system.<br>
This device do not have Real Time Clock.<br>
I sended UDP syslog datagram from this device.
<div>
<div><br>
<br>
2016.09.21. 20:19 keltezéssel, Fekete, Róbert
írta:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<pre>Hi,
The easiest way to drop the timestamp is on the syslog-ng server side,
where you write the message into a file. There you can use a template,
something like the one below. But why do you want to send a message without
a timestamp?
destination d_file {
file ("/var/log/messages" template("${MSG}\n") );};
On Wed, Sep 21, 2016 at 7:41 PM, Csuti Istvan <a href="mailto:icsuti@zalaszam.hu" target="_blank"><icsuti@zalaszam.hu></a> wrote:
</pre>
<blockquote type="cite">
<pre>Hi All!
I would like send UDP message to the syslog server without timestamp.
I readed RFC3164 and RFC5424 and syslog-ng-ose-guide-admin.pdf.
The new "RFC 5424 (also called the IETF-syslog protocol): see Section
2.8.2,
IETF-syslog messages (p. 13)" support NIL values "-" in HEADER.
I sended this "<110>1 - hostname procname procid - - Message"
The syslog-ng server logged this:
"Sep 21 19:29:54 h164-19 1: - hostname procname procid - - Message"
Question:
What is wrong in my message string?
The syslog-ng server why do not decode "1" after ">" as version?
Can i send old syslog message (RFC3164) without timestamp?
Best Regards
Istvan Csuti
______________________________<wbr>______________________________
__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/" target="_blank">http://www.balabit.com/support<wbr>/documentation/</a>?
product=syslog-ng
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a>
</pre>
<fieldset></fieldset>
<div dir="ltr">
<div>
<div>Hi,
</div>
The easiest way to drop the timestamp is on the syslog-ng
server side, where you write the message into a file. There
you can use a template, something like the one below. But
why do you want to send a message without a timestamp?
<pre style="display:table-cell"><span>destination d_file </span><span>{</span><span>
file </span><span>(</span><span>"/var/log/messages"</span><span> </span><span>template</span><span>(</span><span>"${MSG}\n"</span><span>)</span><span> </span><span>);</span><span>
</span><span>};</span></pre>
</div>
</div>
<div class="gmail_extra">
<div class="gmail_quote">On Wed, Sep 21, 2016 at 7:41 PM,
Csuti Istvan <span dir="ltr"><<a href="mailto:icsuti@zalaszam.hu" target="_blank">icsuti@zalaszam.hu</a>></span>
wrote:
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi All!
I would like send UDP message to the syslog server without
timestamp.
I readed RFC3164 and RFC5424 and
syslog-ng-ose-guide-admin.pdf.
The new "RFC 5424 (also called the IETF-syslog protocol):
see Section 2.8.2,
IETF-syslog messages (p. 13)" support NIL values "-" in
HEADER.
I sended this "<110>1 - hostname procname procid - -
Message"
The syslog-ng server logged this:
"Sep 21 19:29:54 h164-19 1: - hostname procname procid - -
Message"
Question:
What is wrong in my message string?
The syslog-ng server why do not decode "1" after ">" as
version?
Can i send old syslog message (RFC3164) without timestamp?
Best Regards
Istvan Csuti
______________________________<wbr>______________________________<wbr>__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=syslog<wbr>-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a>
</blockquote>
</div>
</div>
<fieldset></fieldset>
<pre>______________________________<wbr>______________________________<wbr>__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=<wbr>syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a>
</pre>
</blockquote>
</blockquote>
<p>
</p>
</div></div><span><font color="#888888"><div>--
<span></span><small style="font-family:Arial Narrow">
Csuti István
rendszergazda
______________________________<wbr>____________________
</small>
<img style="font-family:Arial Narrow;width:96px;min-height:95px;float:left" alt="" hspace="10">
<small>
<span style="font-family:Arial Narrow"> Zalaszám Informatika
Kft.
</span>
<span style="font-family:Arial Narrow">
8900 Zalaegerszeg, Mártírok útja 53.
</span>
<span style="font-family:Arial Narrow"> Telefon: <a href="tel:92%2F502-593" value="+3692502593" target="_blank">92/502-593</a>
Fax: <a href="tel:92%2F502-501" value="+3692502501" target="_blank">92/502-501</a></span>
<span style="font-family:Arial Narrow">e-mail: </span><a style="font-family:Arial Narrow" href="mailto:%0Aicsuti@zalaszam.hu%09%09%09" target="_blank">
icsuti@zalaszam.hu</a><span style="font-family:Arial Narrow">
web: </span><a style="font-family:Arial Narrow" href="http://www.zalaszam.hu" target="_blank">www.zalaszam.hu</a>
</small>
</div>
</font></span></div>
______________________________<wbr>______________________________<wbr>__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=<wbr>syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a>
</blockquote></div>
</div>
<fieldset></fieldset>
<pre>______________________________<wbr>______________________________<wbr>__________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a>
</pre>
</div></div></blockquote></blockquote><div><div class="h5">
<p>
</p><div>--
<span></span><small style="font-family:Arial Narrow">
Csuti István
rendszergazda
______________________________<wbr>____________________
</small>
<img style="font-family:Arial Narrow;width:96px;min-height:95px;float:left" alt="" hspace="10">
<small>
<span style="font-family:Arial Narrow">
Zalaszám Informatika Kft.
</span>
<span style="font-family:Arial Narrow">
8900 Zalaegerszeg, Mártírok útja 53.
</span>
<span style="font-family:Arial Narrow"> Telefon:
<a href="tel:92%2F502-593" value="+3692502593" target="_blank">92/502-593</a>
Fax: <a href="tel:92%2F502-501" value="+3692502501" target="_blank">92/502-501</a></span>
<span style="font-family:Arial Narrow">e-mail: </span><a style="font-family:Arial Narrow" href="mailto:%0Aicsuti@zalaszam.hu%09%09%09" target="_blank">
icsuti@zalaszam.hu</a><span style="font-family:Arial Narrow">
web: </span><a style="font-family:Arial Narrow" href="http://www.zalaszam.hu" target="_blank">www.zalaszam.hu</a>
</small>
</div></div></div></div><br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>