On Thu, Jan 02, 2003 at 03:21:56PM -0800, Nate Campi wrote:
On Thu, Jan 02, 2003 at 10:43:45AM +0100, Balazs Scheidler wrote:
The problem is ctlds sends a space in the program name tag, thus syslog-ng interprets 'ctlds' as hostname and '6.0' as program name. As keep_hostname() is set to no, it rewrites the originating host name.
Try setting keep_hostname() to yes, it will not touch the hostname then.
Right but "ctlds" isn't the hostname, larry is. My logs are wrong either way - I either lose half my program name or get the wrong hostname. Either way I lose.
Arg, I actually wrote my own syslog daemon to relay and rewrite all these last year. The only way to fix this with syslog-ng would be to add a feature like
options { bad_hostnames("ctlds","last"); };
When syslog-ng sees either of these:
Jan 2 15:06:47 ctlds 6.0[11718]: [0] Request error (500): Template processing error
Jan 2 15:06:47 last message repeated 123 times
It knows to actually shift the message over one place to the right and stick the value of the $FULLHOST_FROM macro in there. Even if I tried templating out the message on my own, syslog-ng will still think that "ctlds" or "last" isn't part of the message and it'll get lost.
The last messages case should be covered by the function parse_log_msg(); it recognizes message repetitions and takes the complete message as message with no host or program name:

      /* Now, try to tell if it's a "last message repeated" line */
      if (left >= sizeof(repeat_msg_string) &&
          !memcmp(src, repeat_msg_string, sizeof(repeat_msg_string) - 1))
        {
          ;     /* It is. Do nothing since there's no hostname or program name coming. */
        }

I will think about the bad hostname feature.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
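The host-field decision discussed in this thread, as an added C example that is not syslog-ng code and not part of the original messages: it combines the quoted repetition check with the proposed bad-hostname shift so a misparsed token never replaces the real origin of a log line. `split_host()`, the `bad_hostnames` array and the value of `repeat_msg_string` are assumptions, and `sender` stands in for what $FULLHOST_FROM would hold.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value of the literal the quoted parse_log_msg() fragment tests for. */
static const char repeat_msg_string[] = "last message repeated";
/* Hypothetical list mirroring the proposed bad_hostnames("ctlds","last"). */
static const char *bad_hostnames[] = { "ctlds", "last" };

/* Return 1 if the n-byte token is on the bad-hostname list. */
static int is_bad_hostname(const char *tok, size_t n)
{
    size_t i;
    for (i = 0; i < sizeof(bad_hostnames) / sizeof(bad_hostnames[0]); i++)
        if (strlen(bad_hostnames[i]) == n && !memcmp(tok, bad_hostnames[i], n))
            return 1;
    return 0;
}

/* src: line with the timestamp already stripped; sender: name of the peer
 * that delivered it (the role $FULLHOST_FROM plays in the thread).
 * Fills host and returns where the program name / message starts. */
const char *split_host(const char *src, const char *sender,
                       char *host, size_t hostlen)
{
    size_t left = strlen(src);
    size_t n = strcspn(src, " ");   /* length of the first token */

    if (left >= sizeof(repeat_msg_string) &&
        !memcmp(src, repeat_msg_string, sizeof(repeat_msg_string) - 1))
        n = 0;                      /* repetition notice: no host field */
    else if (src[n] != ' ' || is_bad_hostname(src, n))
        n = 0;                      /* token belongs to the message */
    if (n == 0) {                   /* attribute the line to the sender */
        snprintf(host, hostlen, "%s", sender);
        return src;
    }
    snprintf(host, hostlen, "%.*s", (int)n, src);
    return src + n + 1;
}

int main(void)
{
    char host[64];
    /* The ctlds line from the thread, timestamp removed. */
    const char *rest = split_host("ctlds 6.0[11718]: [0] Request error (500)",
                                  "larry", host, sizeof host);
    printf("host=%s rest=%s\n", host, rest);
    return 0;
}
```

A list like this is matched on the token alone, so a genuine host that happens to be named "ctlds" or "last" would also be attributed to the sender.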