12 Nov 2015, 10:26 a.m.
On 11/12/2015 11:14 AM, Gareth Allen wrote:
> The problem is I'd like to strip out the received timestamp and hostname from the beginning of the log and only have the raw Apache message.
With the no-parse flag you already disabled syslog-ng's parser, so you got the raw Apache log on the sending side. However, to ensure that the receiver gets the message intact, a protocol-compliant on-wire format must be used. You seem to use the old RFC3164 format, so try

    template("<30> $R_ISODATE $HOST $MSG\n")

Of course you can change the priority, timestamp and hostname fields to whatever suits you best.

hth,
Sandor
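The framing suggested in the reply, as an added Python sketch that is not part of the original thread and is not syslog-ng's own parser: it renders a line the way the template would and then splits the header off again, showing that the Apache line survives byte for byte and that priority 30 decodes to facility 3 (daemon), severity 6 (info). The host name `web01`, the sample log line and the function names are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Frame layout taken from the template in the reply:
#   "<30> $R_ISODATE $HOST $MSG\n"
FRAME_RE = re.compile(
    r"^<(?P<pri>\d{1,3})> ?(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$"
)

# Constructed sample input (not taken from the thread).
SAMPLE = ('192.0.2.7 - - [12/Nov/2015:10:25:58 +0100] '
          '"GET /index.html HTTP/1.1" 200 2326')
RECEIVED = datetime(2015, 11, 12, 10, 26, 0,
                    tzinfo=timezone(timedelta(hours=1)))


def build_frame(raw_line, host, received, pri=30):
    """Render one raw log line the way the template would."""
    return "<%d> %s %s %s\n" % (pri, received.isoformat(), host, raw_line)


def parse_frame(frame):
    """Split a frame into header fields and the untouched payload."""
    m = FRAME_RE.match(frame.rstrip("\n"))
    if m is None:
        raise ValueError("not a <PRI> TIMESTAMP HOST MSG frame")
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid value: facility 23, severity 7
        raise ValueError("priority out of range")
    return {
        "facility": pri >> 3,   # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "msg": m.group("msg"),  # the raw Apache line, unchanged
    }


if __name__ == "__main__":
    wire = build_frame(SAMPLE, "web01", RECEIVED)
    print(wire, end="")
    print(parse_frame(wire)["msg"])
```

A line sent without the header fails the match, which is the situation the reply describes: the receiver has nothing to parse a priority, timestamp or host from.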