-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Evan Rempel
Sent: Thursday, September 15, 2005 10:51 AM
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] syslog-ng 1.6.8 bug: not maintaining priority

If I use the template option for TCP or UDP destinations, the priority of a message is always user.notice.
<snip>
and I got the following in the /var/log/syslog-ng file
Sep 15 10:38:51 cashmere.comp.uvic.ca user notice ftp alert From cashmere.comp.uvic.ca: sysprog: everything is wrong
Notice that the udp sent message contains the original ftp.alert priority, but when the message is received via UDP, the message has priority user.notice.
Am I doing something wrong?
Check out the detailed syslog explanation at: http://www.campin.net/syslog-ng/syslog.html

Since your message isn't "<PRI>HEADER MSG" it's being rewritten in accordance with standard syslog practice and RFC3164. I didn't know syslog-ng doesn't put a <PRI> field in the beginning no matter what, but it makes sense that it wouldn't when you're specifying the format yourself.

You'll have to add it. Problem is, I don't know that you can. Going by what's on the FAQ:

$TAG    Hex representation of the 32-bit priority/facility pair (see /usr/include/sys/syslog.h)    1f

You can't use a hex number there, it needs to be decimal. I don't see a macro that we can use to properly set the decimal <PRI> in the beginning of a templated message.

Bazsi, can you shed any light on this?

BTW, I think most formatting questions can be answered by people on their own after they read that syslog explanation page.
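
The receiver-side behaviour discussed in this thread, as an added example that is not part of the original messages or of syslog-ng's code: a minimal RFC 3164 PRI parser that falls back to 13 (user.notice) when the datagram has no valid decimal `<PRI>`. The function names are hypothetical, the sample body is constructed from the log line quoted above, and the hex case assumes a two-digit hex value as in the FAQ excerpt's `1f`.

```python
import re

# Facility and severity codes in RFC 3164 order (index == numeric code).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

DEFAULT_PRI = 13                          # user.notice, RFC 3164 section 4.3.3
PRI_RE = re.compile(r"^<([0-9]{1,3})>")   # PRI is 1-3 decimal digits in <>

# Constructed sample: what a template without a leading <PRI> puts on the wire.
SAMPLE_BODY = "Sep 15 10:38:51 cashmere sysprog: everything is wrong"

def encode_pri(facility, severity):
    """PRI = facility * 8 + severity."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)

def decode_pri(pri):
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def receive(datagram):
    """Return (facility, severity, rest) as an RFC 3164 receiver classifies it."""
    m = PRI_RE.match(datagram)
    if m and int(m.group(1)) <= 191:      # 23 * 8 + 7 is the largest valid PRI
        return decode_pri(int(m.group(1))) + (datagram[m.end():],)
    # No usable PRI: the whole datagram is treated as the message text.
    return decode_pri(DEFAULT_PRI) + (datagram,)

if __name__ == "__main__":
    pri = encode_pri("ftp", "alert")      # 11 * 8 + 1
    cases = [
        ("no PRI at all", SAMPLE_BODY),
        ("decimal PRI", "<%d>%s" % (pri, SAMPLE_BODY)),
        ("hex PRI, digits only", "<%02x>%s" % (pri, SAMPLE_BODY)),
        ("hex PRI with a letter", "<1f>" + SAMPLE_BODY),
    ]
    for label, wire in cases:
        facility, severity, _ = receive(wire)
        print("%-22s -> %s.%s" % (label, facility, severity))
```

A hex value made only of digits is the quieter failure: it parses as a valid decimal PRI and the message is filed under a different facility and severity instead of falling back to the default.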