On Mon, 2010-10-18 at 14:41 +0200, Elgin Lorenz wrote:
Hello experts,
today we switched our syslog-ng server from linux (CentOS 5.5) to a Solaris 9 box. All went well, until I noticed that syslog-ng obviously changes some of the log entries.
Here are the 2 examples I noticed:
Message on the local host: Oct 18 14:19:15 xxx kernel: IN=eth1 OUT= MAC=xxx SRC=xxx DST=xxx LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=119 PROTO=UDP SPT=138 DPT=138 LEN=215
Message on the syslog-ng server: Oct 18 14:19:15 xxx kernel: kernel: IN=eth1 OUT= MAC=xxx SRC=xxx DST=xxx LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=119 PROTO=UDP SPT=138 DPT=138 LEN=215
(one "kernel: " added)
Message on the local host: Oct 18 14:03:06 xxx last message repeated 2 times
Message on the syslog-ng server: Oct 18 14:03:06 xxx last: message repeated 2 times
(one ":" added)
On Linux I never saw this behaviour. Until now I couldn't find the mistake. What am I doing wrong? Did anyone else see something like this?
Thanks in advance for your help.
I don't know the syslog-ng version, but can you try: flags(store-legacy-msghdr) flag on your source? -- Bazsi