On Wed, 2008-11-12 at 23:32 +0100, joël Winteregg wrote:
Hello Balazs,
Thank you very much for you quick reply ! The csv-xxx functionality looks really great. You're doing a really good job ! Thanks ! Indeed, today, I was looking for such a functionality into the doc ;-)
I think I will try your proposal as soon as possible and I will let you know how it works in my use case.
Juste to know, does syslog-ng only use relay config statements (keep_hostname, etc.) when the log source is defined as udp() or tcp() ?
no, keep_hostname is always applied. in 3.0, it is even possible to specify hostname related options on a per-source basis.
I'm asking this, because I'm wondering if I forward my SNMP trap to syslogd and then to syslog-ng through udp (@SYSLOG-COLLECTOR defined in syslog.conf), syslog-ng will maybe see the SNMP trap as a compliant RFC 3164 forwarded message ?
That wouldn't work. the problem is inherent in the syslog API, it does not let you change the hostname. The only way to work around that is to have snmptrapd to send its output to syslog-ng directly (and format the message according to the syslog protocol). There are multiple options: * pipe: make snmptrapd output go to a pipe, and reference this from syslog-ng; writing a pipe is about the same as writing a file, so this would probably work * program source: in 3.0, I introduced program source, which is basically a syslog-ng managed program, whose output is parsed as a syslog message, line by line. We use the latter in our syslog appliance. -- Bazsi