Some more info. Tracing the output of the SSR, the packet does not contain the hostname at the proper place but only the timestamp. So the output looks like this (translated into ASCII):

    <174>Jan 13 04:02:12 %ACL_LOG-I-DENY, ACL [280] on "rtfa" UDP 192.168.1.2:4721 -> 14.9.1.3:53

The format as described in RFC 3164 is only required for relays, which the router is not, as it is the originator of the packet. In fact, in the standard it reads:

    4.2 Original syslog Packets Generated by a Device

    There are no set requirements on the contents of the syslog packet as it is originally sent from a device. It should be reiterated here that the payload of any IP packet destined to UDP port 514 MUST be considered to be a valid syslog message. It is, however, RECOMMENDED that the syslog packet have all of the parts described in Section 4.1 - PRI, HEADER and MSG - as this enhances readability by the recipient and eliminates the need for a relay to modify the message.

Setting 'keep_hostname(yes)', the message will be displayed correctly but without the hostname (contrary to the normal Linux syslog). I could not fiddle out a single set of options that would have given me the output of the standard syslog. Any hints on what I can do besides calling an external program?

Kind regards,
Patrick Hildenbrand
Patrick Hildenbrand
Operations & Technology
SAP Hosting AG & Co. KG
Raiffeisenring 45
68789 St. Leon-Rot, Germany
T +49/6227/7-66410
F +49/6227/7-66301
E patrick.hildenbrand@sap.com
http://www.saphosting.com
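
An added example, not part of the original post and not syslog-ng code: a small Python parser for RFC 3164 datagrams that detects a missing HOSTNAME field, as in the SSR packet quoted above, and fills it in from the UDP source address. The names `parse` and `normalize` and the sender address `192.0.2.10` are assumptions made for the illustration.

```python
import re

# <PRI>, the RFC 3164 timestamp "Mmm dd hh:mm:ss", then everything else.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)
# A HOSTNAME field holds only a host name or IPv4 address.
HOSTNAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")


def parse(raw: bytes, sender: str) -> dict:
    """Split one syslog datagram into fields. `sender` is the UDP source
    address of the packet, used as host when no HOSTNAME is present."""
    text = raw.decode("ascii", errors="replace").rstrip("\r\n\x00")
    m = HEADER.match(text)
    if m is None:
        # No PRI/timestamp at all: keep the payload whole (RFC 3164, 4.2).
        return {"pri": None, "ts": None, "host": sender,
                "host_in_packet": False, "msg": text}
    first, _, remainder = m["rest"].partition(" ")
    # Heuristic: a first token such as "%ACL_LOG-I-DENY," or "sshd[42]:"
    # cannot be a host name, so it already belongs to MSG. A message that
    # starts with a bare word is still ambiguous and is read as HOSTNAME.
    in_packet = bool(remainder) and HOSTNAME.match(first) is not None
    return {"pri": int(m["pri"]), "ts": m["ts"],
            "host": first if in_packet else sender,
            "host_in_packet": in_packet,
            "msg": remainder if in_packet else m["rest"]}


def normalize(raw: bytes, sender: str) -> str:
    """Re-emit the datagram as PRI, TIMESTAMP, HOSTNAME, MSG."""
    f = parse(raw, sender)
    if f["pri"] is None:
        return f"{sender} {f['msg']}"
    return f"<{f['pri']}>{f['ts']} {f['host']} {f['msg']}"


# The packet quoted in the post; the sender address is a constructed value.
SSR_PACKET = (b'<174>Jan 13 04:02:12 %ACL_LOG-I-DENY, ACL [280] on "rtfa" '
              b'UDP 192.168.1.2:4721 -> 14.9.1.3:53')
if __name__ == "__main__":
    print(normalize(SSR_PACKET, "192.0.2.10"))
```

Because the host is taken from the UDP source address, it is only as trustworthy as the network path: a spoofed datagram carries a spoofed host.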