I think program() is the best bet for you. I haven't had anything like that happen when using program(). What version of syslog-ng are you using? I don't think syslog-ng is sending newlines, but your script may be interpreting "silence" from syslog-ng as nothing and appending a newline or something. If you post a snippet from your script showing how it's reading from syslog-ng, that would help. It would also help to see the config relevant to the program() destination. On Thu, Dec 9, 2010 at 12:27 PM, Jay <difficult_id@yahoo.com> wrote:
Have a requirement to convert all incoming syslogs to SNMP traps and send it to another host. One option I could think of is to use program () destination.
When I tried this option, I find that syslog-ng is continuously sending newline characters to the specified program. i.e. even when no syslog is received, syslog-ng seems to be pumping newline chars to the specified program.
Also I read the warning message in admin guide that, it will open up the door to DOS attack.
Could someone let me know the best way to achieve this, please ?
Thanks in advance for the help. John
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html