If you send text to UDP port 514, syslog will add a prefix:
<timestamp> <host>
RFC 5424 says that the syslog header must start with PRI:
<prival>
Then version:
<VERSION>
And eventually hostname:
<hostname>
The PRI is a number that indicates severity and facility.

On Fri, 19 Jul 2019 at 12:38, Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:
______________________________________________________________________________
Hi Florian,
Can you be a bit more specific, please? Sorry, but I don't understand it.
Is syslog-ng storing your log in a different format than RFC5424?
Regards,
Gabor

From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Florian Goulais <goulais.florian@gmail.com>
Sent: Friday, July 19, 2019 11:36
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Syslog-ng header & rfc5424

Hi.
I am trying to understand why syslog-ng adds a header (timestamp host) to the log, as the RFC specifies another header.
Can someone explain the reason to me, please?
Regards
Florian
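
The two header layouts discussed in this thread, as an added Python example that is not part of the original messages or of syslog-ng: it decodes PRI into facility and severity and distinguishes an RFC 5424 header (`<PRI>VERSION TIMESTAMP HOSTNAME ...`) from the older RFC 3164 (BSD) `<PRI>TIMESTAMP HOSTNAME` form. The function names and sample lines are constructed for illustration.

```python
import re

# Severity names from RFC 5424 section 6.2.1 (numeric codes 0-7).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 5424: VERSION follows PRI directly, then a space, TIMESTAMP and HOSTNAME.
RFC5424_RE = re.compile(r"^<\d{1,3}>([1-9]\d?) (\S+) (\S+) ")
# RFC 3164 (BSD): "Mmm dd hh:mm:ss" follows PRI, then the hostname.
RFC3164_RE = re.compile(r"^<\d{1,3}>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) ")


def decode_pri(pri):
    """Split PRI into (facility, severity): PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return pri >> 3, pri & 7


def classify(line):
    """Return a dict describing the header of one received syslog line."""
    m = PRI_RE.match(line)
    if not m:
        # Raw text sent to the port without any syslog header.
        return {"format": "no-header", "host": None}
    facility, severity = decode_pri(int(m.group(1)))
    info = {"facility": facility, "severity": SEVERITIES[severity]}
    m5424 = RFC5424_RE.match(line)
    m3164 = RFC3164_RE.match(line)
    if m5424:
        info.update(format="rfc5424", version=int(m5424.group(1)), host=m5424.group(3))
    elif m3164:
        info.update(format="rfc3164", host=m3164.group(2))
    else:
        info.update(format="pri-only", host=None)
    return info


# Constructed sample lines (not taken from the thread).
SAMPLES = [
    "<34>1 2019-07-19T11:36:00Z host1.example.com app 123 ID47 - test message",
    "<13>Jul 19 11:36:00 host1 app[123]: test message",
    "plain text sent to the port",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```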