Thanks for the response.

The format mentioned in the admin guide for 1st syslog server is resulting in failure of syslog-ng service, hence I modified it to make sure the syslog-ng service starts.

On the 1st syslog server, I added the syslog destination as -

    destination d_ewmm { syslog("secondary_IP"); };

On 2nd syslog server, default-network-drivers(); option is not working. Hence, I am trying to capture the syslog messages like -

    source src { network(transport(udp) ip(secondary_IP) port(514)); };

But the issue still persists, no change in the message format.

Regards,
Shivani Maurya

-----Original Message-----
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> On Behalf Of Fabien Wernli
Sent: Wednesday, December 11, 2024 8:10 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Syslog server chaining issue

Hi,

On 2024-12-11 12:47:29, Maurya, Shivani wrote:
Hi All,
I am using 2 syslog servers on version 3.31. The devices are sending syslog message to 1st syslog server. The 1st syslog server is forwarding the same message to 2nd syslog server.
Device --> Syslog Server 1 --> Syslog Server 2
I would suggest that you use the syslog-ng() destination so you don't have to worry about your udp template being reinterpreted poorly by the second syslog-ng.

https://syslog-ng.github.io/admin-guide/020_The_concepts_of_syslog-ng/007_Th...
https://syslog-ng.github.io/admin-guide/070_Destinations/310_syslog-ng/READM...
https://syslog-ng.github.io/admin-guide/060_Sources/000_Default-network-driv...
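
The relay pair suggested in the reply above, sketched as an added example that is not part of the original thread or the posters' own configuration. The addresses, file path and object names (s_devices, s_relay, d_local) are constructed placeholders, and it assumes the SCL shipped with syslog-ng is installed, since syslog-ng() and default-network-drivers() are both SCL blocks:

```conf
############################################################
# Syslog Server 1 (relay): /etc/syslog-ng/syslog-ng.conf
############################################################
@version: 3.31
# syslog-ng() is defined in the SCL, so scl.conf must be included.
@include "scl.conf"

# Devices send classic syslog over UDP/514 to this host.
source s_devices {
    network(transport("udp") port(514));
};

# Forward in EWMM format (TCP/514 by default), so the original
# message and its name-value pairs reach the next hop unchanged
# instead of being re-templated and re-parsed.
# 192.0.2.20 is a placeholder for Syslog Server 2.
destination d_ewmm {
    syslog-ng(server("192.0.2.20"));
};

log { source(s_devices); destination(d_ewmm); };

############################################################
# Syslog Server 2 (final hop): /etc/syslog-ng/syslog-ng.conf
############################################################
@version: 3.31
# default-network-drivers() is also an SCL block.
@include "scl.conf"

# Listens on the standard syslog ports and recognises EWMM
# messages coming from another syslog-ng instance.
source s_relay {
    default-network-drivers();
};

# Placeholder local destination for the relayed messages.
destination d_local {
    file("/var/log/relayed.log");
};

log { source(s_relay); destination(d_local); };
```

Running `syslog-ng --syntax-only` on each host after editing reports configuration errors without restarting the service.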