I recently encountered the same situation. I did find a very thorough post on one person's solution to this:
I ended up setting up a separate port for each protocol, which felt like a cleaner solution to me. It would be great if syslog-ng could more easily support this type of situation natively.
Steve
On 1/24/2023 8:12 AM, Matthias Gruber wrote:
Hi!
We have appliances which are generating syslog messages in both formats, one in 3164, the other in 5424.
Would it be possible to put them into one source?
Something like
source s_remote_appl_tcp {
    syslog(
        ip("99.99.99.99")
        port("5152")
        transport("tcp")
        flags(no-parse)
    );
};
and... (just excerpts)
parser p_0140_A_parser {
    syslog-parser();
};
parser p_0140_B_parser {
    syslog-parser(flags(syslog-protocol));
};
log {
    source(s_remote_appl_tcp);
    parser(p_0140_A_parser);
    destination(d_0140_all);
    flags(final);
};
log {
    source(s_remote_appl_tcp);
    parser(p_0140_B_parser);
    destination(d_0140_all);
    flags(final);
};
Any hints are welcome...
Cheers
Matthias
P.S. It's an OSE 3.38.1 running
------------------------------------------------------------------------------------
METZLER
Informationstechnologie
Matthias Gruber
IT-Infrastruktur & -Betrieb
B. Metzler seel. Sohn & Co.
Aktiengesellschaft
Untermainanlage 1
60329 Frankfurt am Main
Telefon 069 21 04 - 43 30
Telefax 069 21 04 - 40 40
MGruber@metzler.com
www.metzler.com
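
Added example, not from either poster: one way to lay out the separate-port approach Steve describes, written as a syslog-ng configuration. Port 5153, the source names and the file path behind d_0140_all are assumptions for illustration, and it assumes both groups of appliances send newline-delimited messages over TCP.

```syslog-ng
@version: 3.38

# RFC 3164 (BSD syslog) appliances are pointed at this port.
# network() parses incoming messages as RFC 3164 by default.
source s_remote_appl_3164 {
    network(
        ip("99.99.99.99")
        port(5152)
        transport("tcp")
    );
};

# RFC 5424 appliances are pointed at this port (5153 is an assumed value).
# flags(syslog-protocol) makes the source parse messages as RFC 5424.
source s_remote_appl_5424 {
    network(
        ip("99.99.99.99")
        port(5153)
        transport("tcp")
        flags(syslog-protocol)
    );
};

# Assumed destination definition; the original post references d_0140_all
# without showing it, so the file path here is a placeholder.
destination d_0140_all {
    file("/var/log/0140_all.log");
};

# Both sources feed the same destination, so each message is parsed
# once by the source that matches its format.
log {
    source(s_remote_appl_3164);
    source(s_remote_appl_5424);
    destination(d_0140_all);
    flags(final);
};
```

Restricting each listener to the known appliance addresses at the firewall keeps unexpected senders from injecting messages in the wrong format on either port.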