If you supply the template() option on the first server, that changes the format the protocol expects. So you need to use the standard template and then reformat it to your needs on the 2nd, by using template there.
The reason the $program captured the severity value is that you were using $SEVERITY in the position where the normal syslog format expects the program name.
The syslog-ng() driver Fabien mentioned requires you to include scl.conf, which is the syslog-ng configuration library.
On Thu, Dec 12, 2024, 07:43 Maurya, Shivani <shivani.maurya@intel.com> wrote:
Thanks for the response.
The format mentioned in the admin guide for the 1st syslog server is resulting in failure of the syslog-ng service, hence I modified it to make sure the syslog-ng service starts. On the 1st syslog server, I added the syslog destination as -
destination d_ewmm { syslog("secondary_IP"); };
On the 2nd syslog server, the default-network-drivers(); option is not working. Hence, I am trying to capture the syslog messages like -
source src { network(transport(udp) ip(secondary_IP) port(514));
};
But the issue still persists, no change in the message format.
Regards, Shivani Maurya
-----Original Message-----
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> On Behalf Of Fabien Wernli
Sent: Wednesday, December 11, 2024 8:10 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Syslog server chaining issue
Hi,
On 2024-12-11 12:47:29, Maurya, Shivani wrote:
Hi All,
I am using 2 syslog servers on version 3.31. The devices are sending syslog messages to the 1st syslog server. The 1st syslog server is forwarding the same messages to the 2nd syslog server.
Device --> Syslog Server 1 --> Syslog Server 2
I would suggest that you use the syslog-ng() destination so you don't have to worry about your udp template being reinterpreted poorly by the second syslog-ng.
https://syslog-ng.github.io/admin-guide/020_The_concepts_of_syslog-ng/007_Th...
https://syslog-ng.github.io/admin-guide/070_Destinations/310_syslog-ng/READM...
https://syslog-ng.github.io/admin-guide/060_Sources/000_Default-network-driv...
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
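An added example, not taken from the thread or from the syslog-ng project, laying out the arrangement the first reply describes: the relay hop carries no template(), and formatting is applied only where the second server writes its output. The addresses (documentation range), object names, file path and template string are assumptions.

```conf
# ---------- Server 1 (relay) : /etc/syslog-ng/syslog-ng.conf ----------
@version: 3.31

source s_devices {
    network(transport("udp") port(514));
};

# No template() here: the message leaves in the standard syslog layout,
# so the next hop parses host, program and message into the right fields.
destination d_server2 {
    network("192.0.2.20" transport("udp") port(514));   # placeholder address
};

log { source(s_devices); destination(d_server2); };


# ---------- Server 2 (final) : /etc/syslog-ng/syslog-ng.conf ----------
@version: 3.31

source s_relay {
    network(transport("udp") port(514));
};

# Reformat only at the output. $SEVERITY and $PROGRAM are now separate,
# correctly parsed fields rather than a severity word sitting in the
# position where the parser expects the program name.
destination d_formatted {
    file("/var/log/remote/devices.log"                   # hypothetical path
         template("${ISODATE} ${HOST} ${SEVERITY} ${PROGRAM}: ${MESSAGE}\n"));
};

log { source(s_relay); destination(d_formatted); };
```

Running `syslog-ng --syntax-only` on each host after editing checks the file before the service is restarted.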