Hi,

Sure. As it seems, you are using no-parse on the server side, which puts the entire syslog record with headers and stuff into $MSG. If you transfer messages with the syslog() driver, you need a matching syslog() source on the other side. Then if you only want the MSG in your log file, just use a template("$MSG") on the server side.

You can configure various things at reception in syslog-ng, and you need to decide what options to use at each of the hops the message is traveling:

1. Application to syslog-ng on the client: in your sample it was the normal syslog API
2. Syslog-ng to syslog-ng: your sample was rfc5424, receiving via a no-parse network destination.
3. When syslog-ng writes the file to disk.

With syslog-ng you can customize how to send stuff but also how to parse it. The easiest use case to let literal messages be transferred to the server side:

* app writing messages to a file/named pipe
* syslog-ng reading this via flags(no-parse)
* transferring messages using any of the transport options (syslog, network) to a dedicated port (e.g. one which is not merged with normal syslog)
* on the server side, write these to a file with template("$MSG\n")

There are other ways for sure (for instance, instead of a dedicated port you could use filtering on the server if you can identify these messages easily).

Hope this helps.

Bazsi

On Sep 6, 2014 11:06 PM, "Michael Yacc" <yuolvka@gmail.com> wrote:
Dear all,

I'm trying to configure syslog-ng as relay/proxy server. Seems to be simple, but syslog server receives encapsulated original syslog messages within outgoing "syslog-relay" messages.
Is there any way to configure syslog-ng (relay) to just forward original messages to syslog server?
Syslog-ng version used: 3.3.9
syslog-client$ logger "hello from syslog client"
on syslog-relay I added the following configuration:
######## sources ###############
source s_relay_port { udp(ip(0.0.0.0) port(514)); };

######## destinations ###############
destination d_syslog_server { syslog("syslog-server" transport("udp") port(514)); };

######## logging ###############
log { source(s_relay_port); destination(d_syslog_server); };
syslog-server$ tail -F /var/log/syslog
Sep 6 23:53:28 syslog-relay-ip 1 2014-09-06T23:53:28+03:00
syslog-client-ip 1 - - - 2014-09-06T23:53:28+03:00 syslog-client-hostname root - - [meta sequenceId="38"] hello from syslog client
With best regards,
Michael Yacc
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
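
The two setups described in the reply, written out as an added example (not configuration from the original thread or from the syslog-ng project): a server-side syslog() source matching the relay's syslog() destination, and the literal-message path over a dedicated port. The file paths, port 5140, and all source/destination names are assumptions made for illustration; each section belongs in the syslog-ng.conf of the host named in its heading.

```conf
##### syslog-server: counterpart to the relay config in the original post #####
# The relay sends RFC 5424 via syslog(); receive it with a matching syslog()
# source so the header is parsed into $HOST, $PROGRAM, etc. and $MSG holds
# only the message text instead of the whole encapsulated record.
source s_from_relay { syslog(ip(0.0.0.0) port(514) transport("udp")); };

# Assumed output path. template("$MSG\n") writes the message text alone.
destination d_relayed { file("/var/log/relayed.log" template("$MSG\n")); };

log { source(s_from_relay); destination(d_relayed); };


##### client: literal lines read from an application file (variant) #####
# Assumed application log path. flags(no-parse) puts each line, unmodified,
# into $MSG instead of trying to parse it as a syslog record.
source s_app { file("/var/log/app/output.log" flags(no-parse)); };

# Dedicated port (5140 is an assumption), kept separate from normal syslog
# so that unparsed lines are never mixed into the regular stream.
destination d_literal { syslog("syslog-server" transport("tcp") port(5140)); };

log { source(s_app); destination(d_literal); };


##### syslog-server: receiving side of the dedicated port (variant) #####
# Matching syslog() source on the same port and transport as the client.
source s_literal { syslog(ip(0.0.0.0) port(5140) transport("tcp")); };

# Write back exactly the line the application produced.
destination d_literal_file { file("/var/log/app-literal.log" template("$MSG\n")); };

log { source(s_literal); destination(d_literal_file); };
```

Running `syslog-ng --syntax-only` on each host checks the edited file before the daemon is reloaded.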