Nate Campi wrote:
On Tue, Oct 10, 2006 at 12:30:36PM -0700, Evan Rempel wrote:
When logging from an AIX server, the format of the message can be
<$PRI>$DATE Message forwarded from $HOST: $MESSAGE
and syslog-ng handles this quite nicely, however, if an AIX machine is configured to use the "-s" option (short version) to the AIX syslogd subsystem, the message may be of the format
<$PRI>$DATE From $HOST: $MESSAGE
It would be nice if syslog-ng handled this as well.
I realize that I am asking for syslog-ng to "fix" another vendor's problem, but in IBM's defense, starting in AIX 5.2 there is a "-n" option to syslogd that prevents it from prepending anything to a message, resulting in
<$PRI>$DATE $MESSAGE
Unfortunately, there is no host at all.
This is identical to how Solaris sends syslog messages. See:
http://www.campin.net/syslog-ng/syslog.html#problems
syslog-ng generally deals well with it, unless you get a program name with a space in it. The config directive bad_hostnames() was added to deal with them.
I can explain in more detail if needed. This thread is the one that prompted Bazsi to add the feature:
https://lists.balabit.hu/pipermail/syslog-ng/2003-January/004345.html
Yes, except that you missed the part about a message of the format
<$PRI>$DATE From $HOST: $MESSAGE
that does have a host in it, but it is not the first word, and it also has a : in it. Looking at the source code, this specific format is not handled the same as the format
<$PRI>$DATE Message forwarded from $HOST: $MESSAGE
which is handled explicitly. It is this shortened relay format that I would like to have added to syslog-ng.

Evan.
--
Evan Rempel erempel@uvic.ca
Senior Programmer Analyst 250.721.7691
Computing Services
University of Victoria
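
The three AIX formats discussed in this thread, normalized by a small parser. This is an added example, not code from syslog-ng or from either poster. The names `parse_aix`, `peer_addr` and `host_source`, the fallback to the sending address for the "-n" form, and the sample lines are all assumptions constructed for illustration.

```python
import re

# "<PRI>" then a BSD-style timestamp such as "Oct 10 12:30:36", then the payload.
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$", re.S)
# The two AIX relay prefixes quoted in the thread: long form and "-s" short form.
RELAY = re.compile(r"^(?:Message forwarded from|From) ([^\s:]+): (.*)$", re.S)


def parse_aix(line, peer_addr):
    """Split one received line into fields.

    peer_addr (hypothetical parameter) is the address the datagram came from;
    it is used as the host when the payload carries none ("-n" form).
    """
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a <PRI>DATE line")
    pri, date, rest = int(m.group(1)), m.group(2), m.group(3)
    if pri > 191:  # facility 0-23, severity 0-7
        raise ValueError("PRI out of range")
    relay = RELAY.match(rest)
    if relay:
        host, msg, source = relay.group(1), relay.group(2), "relay-prefix"
    else:
        host, msg, source = peer_addr, rest, "peer-address"
    return {"facility": pri >> 3, "severity": pri & 7, "date": date,
            "host": host, "host_source": source, "message": msg}


# Constructed sample lines, one per format mentioned in the thread.
SAMPLES = [
    "<13>Oct 10 12:30:36 Message forwarded from aixbox1: sshd[4242]: session opened",
    "<13>Oct 10 12:30:36 From aixbox1: sshd[4242]: session opened",
    "<13>Oct 10 12:30:36 sshd[4242]: session opened",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_aix(sample, "192.0.2.10"))
```

A "-n" message whose own text happens to begin with "From word:" cannot be told apart from the short relay form, which is why `host_source` records which rule supplied the host.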