On Fri, 2010-01-22 at 16:35 +0100, Mij wrote:
On Jan 22, 2010, at 11:25 , Balazs Scheidler wrote:
Can you clarify what is the intended template for producing entry tags of the classic format "Jan 21 12:54:09 examplehost proftpd[18965]: applmsg" in the different versions?
Can you show the user posting that states MSGHDR is the wrong approach to do? I might be able to help troubleshooting it.
sure. Confront:
http://sourceforge.net/mailarchive/forum.php?thread_name=EE040D72-0185-41EB-... http://sourceforge.net/mailarchive/forum.php?thread_name=DA2160C1-09A0-475D-...
with:
http://sourceforge.net/mailarchive/forum.php?thread_name=C5633AC6-CD8F-451F-... http://sourceforge.net/mailarchive/forum.php?thread_name=8cb75a4a1001210418g...
Notice the double "proftpd[25517]: proftpd[25517]:" occurrence when prepending $MSGHDR .
I can't post there via the webpage, but the problem is most probably a missing "@version: 3.0" line in the configuration. without that syslog-ng 3.0 is operating in 2.x compatible mode. However the posts there didn't include a complete configuration file, but I guess this is the root cause of the problem. Also, the missing @version directive is logged as a warning at syslog-ng startup. -- Bazsi