8 Nov 2007, 2:26 p.m.
Thanks Baszi. It's the little things.

On Nov 8, 2007 2:47 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:

10:06:14.322290 IP (tos 0x0, ttl 127, id 29867, offset 0, flags [none], proto UDP (17), length 131)
    192.168.14.5.dcs > 192.168.17.212.syslog: SYSLOG, length: 103
    Facility mail (2), Severity notice (5)
    Msg: Nov 06 10:11 example.com 10:11:48.866 2 SMTPI-459393(barracuda.example.com) [10865267] received, 6909 bytes

the problem is that the timestamp is not complete, it does not contain second information. As it is not properly formatted, syslog-ng assumes that it's not RFC3164 and takes the complete line as a message.
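
The behaviour described in this message, as an added example that is not part of the original thread and is not syslog-ng's own code: a simplified RFC 3164 header check run against the captured `Msg:` text, showing that a timestamp without seconds fails the header match so the whole line is kept as the message. The function name, the lenient handling of a zero-padded day, the use of the sender address as the host on fallback, and the second sample line (seconds added) are assumptions made for illustration.

```python
import re

# Simplified model of RFC 3164 header parsing (illustrative, not syslog-ng code).
# TIMESTAMP must be "Mmm dd hh:mm:ss". Assumption: the day is accepted either
# space-padded (" 6") or zero-padded ("06").
RFC3164_HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" [ 0-3]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$",
    re.DOTALL,
)

# Msg text exactly as shown in the tcpdump capture above (no seconds).
PAGE_MSG = ("Nov 06 10:11 example.com 10:11:48.866 2 "
            "SMTPI-459393(barracuda.example.com) [10865267] received, 6909 bytes")

# Constructed variant: the same line with a seconds field added.
FIXED_MSG = PAGE_MSG.replace("Nov 06 10:11 ", "Nov 06 10:11:48 ", 1)


def parse_syslog(payload, sender_ip):
    """Split a syslog payload into timestamp, host and message.

    If the header does not match, the complete payload becomes the message.
    Assumption: the host then falls back to the packet's source address.
    """
    m = RFC3164_HEADER.match(payload)
    if m is None:
        return {"rfc3164": False, "timestamp": None,
                "host": sender_ip, "msg": payload}
    return {"rfc3164": True, "timestamp": m["ts"],
            "host": m["host"], "msg": m["msg"]}


if __name__ == "__main__":
    for label, line in (("as captured", PAGE_MSG), ("with seconds", FIXED_MSG)):
        rec = parse_syslog(line, "192.168.14.5")
        print(label, "->", rec["rfc3164"], rec["host"], repr(rec["msg"][:30]))
```

Downstream filters or detection rules that key on the host or timestamp fields see the fallback values for the captured line, so they should be checked against messages from senders that emit this format.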