Hi, Thanks again for your support.
Just to know, does syslog-ng only use relay config statements (keep_hostname, etc.) when the log source is defined as udp() or tcp()?
No, keep_hostname is always applied. In 3.0, it is even possible to specify hostname-related options on a per-source basis.
Okay, interesting! You can hardcode (in the config file) a given HOST macro value associated with a source config?
I'm asking this because I'm wondering: if I forward my SNMP trap to syslogd and then to syslog-ng through UDP (@SYSLOG-COLLECTOR defined in syslog.conf), will syslog-ng maybe see the SNMP trap as a compliant RFC 3164 forwarded message?
That wouldn't work. The problem is inherent in the syslog API: it does not let you change the hostname.
Okay, but here, what I wanted to achieve was the following. Log this SNMP message using the snmptrapd syslog functionality: "Nov 12 16:57:59 wlc02.mydomain.com Cold Start". The given snmptrapd output message formatting (header), "Nov 12 16:57:59 wlc02.mydomain.com", set before every snmptrapd message, is here to provide an RFC 3164 compliant message => this should allow syslog-ng to think that "Nov 12 16:57:59 wlc02.mydomain.com Cold Start" is a forwarded syslog message? If so, this would allow me to fetch "wlc02.mydomain.com" as the HOST macro using keep_hostname(on), no?
The only way to work around that is to have snmptrapd send its output to syslog-ng directly (and format the message according to the syslog protocol). There are multiple options:
* pipe: make snmptrapd output go to a pipe, and reference this from syslog-ng; writing a pipe is about the same as writing a file, so this would probably work
Ahhh, yeah! That's much easier than my relayed message style! If, as I did before, I format the snmptrapd message as follows (to a named pipe), it should work: "Nov 12 16:57:59 wlc02.mydomain.com Cold Start"
* program source: in 3.0, I introduced program source, which is basically a syslog-ng managed program, whose output is parsed as a syslog message, line by line.
Okay, really interesting too ;-) It reads logs from stdout and stderr of the given program? Will try this (named pipe stuff) before the csv-parser option. As I'm also interested in the csv-parser option, I will invest time to try it too. Will let you know about last-column-greedy.
Thanks again,
Regards.
Joël
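
The header question discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of RFC 3164 header parsing (not syslog-ng's own parser) showing which HOST value results from the snmptrapd line with keep_hostname on and off. The `parse_bsd_syslog` function, its `sender` argument and the hostname character whitelist are assumptions made for illustration.

```python
import re

# RFC 3164 header: optional <PRI>, "Mmm dd hh:mm:ss" timestamp, then HOSTNAME.
# The hostname whitelist is an assumption of this sketch: with keep_hostname on,
# the field is taken from the message, so only hostname-like tokens are accepted.
_HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" [ 0-3]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>[A-Za-z0-9][A-Za-z0-9._-]*) "
    r"(?P<msg>.*)$"
)

def parse_bsd_syslog(line, sender, keep_hostname=True):
    """Return the HOST and MSG a collector would record for one input line.

    sender: name of the peer (or local machine, for a pipe) the line came from.
    keep_hostname: if True, trust the hostname found in the message header;
                   if False, overwrite it with the sender.
    """
    m = _HEADER.match(line)
    if m is None:
        # No timestamp/host header: the whole line is the message and the
        # only hostname available is the sender's.
        return {"host": sender, "msg": line, "host_from_message": False}
    host = m.group("host") if keep_hostname else sender
    return {"host": host, "msg": m.group("msg"),
            "host_from_message": keep_hostname}

if __name__ == "__main__":
    # Constructed inputs; the first is the line quoted in the thread.
    samples = [
        "Nov 12 16:57:59 wlc02.mydomain.com Cold Start",
        "<134>Nov  2 06:00:01 wlc02.mydomain.com Link up",
        "Cold Start",                               # no header at all
        "Nov 12 16:57:59 snmptrapd[123]: Cold Start",  # program tag, no host
    ]
    for s in samples:
        for keep in (True, False):
            print(keep, parse_bsd_syslog(s, "collector", keep))
```
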