The timestamp is not a valid BSD syslog timestamp, therefore syslog-ng does not recognize it as a BSD syslog entry, adding its own header. Support for this timestamp could be added to syslog-ng though (log.c, parse_log_msg() function). Too bad this is different from the message format used by Cisco PIX as that is already supported.
On Sat, 2006-01-21 at 14:36 +0000, krishna y wrote:
Hi,
I have configured Syslog-ng in HPUX and am forwarding the messages to Ciscoworks. The original message to Syslog-NG is as follows:
Jan 20 12:44:32 SYSNG.it.net CiscoDev01 7366: Jan 20 12:44:31.526 GMT: %SYS-5-CONFIG_I: Configured from 192.168.100.10 by snmp
While forwarding to the other syslog server, Syslog-NG is adding its own host name to the message and sending it as below:
Jan 20 12:44:32 SYSNG.it.net CiscoDev01 7366: Jan 20 12:44:31.526 GMT: %SYS-5-CONFIG_I: Configured from 192.168.100.10 by snmp
(Note: SYSNG.it.net = hostname of Syslog-ng server, CiscoDev01 = device hostname)
The final syslog server (Ciscoworks) is not treating the message as being from CiscoDev01. There's no use in running a script on the Ciscoworks box to remove the SYSNG.it.net entry. It has to be done before receiving the message.
How to avoid this at Syslog-NG level? Tried the following options, but no luck: keep_hostname(yes); chain_hostnames(no); long_hostnames(no);
Please let me know the procedure not to append the hostname of the Syslog-NG to the message.
Thanks in advance, Krishna Y
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Bazsi
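
A simplified model of the behaviour described in the reply, as an added example (not syslog-ng's code and not part of the thread): a relay looks for an RFC 3164 `Mmm dd hh:mm:ss` timestamp and, when none is found, prepends its own timestamp and hostname, so the forwarded message is attributed to the relay. The PRI value, the on-wire form of the device message and the function names are assumptions.

```python
import re
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
PRI = re.compile(r"<(\d{1,3})>")
# RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss" (day space-padded), then one space.
BSD_TS = re.compile(
    r"(?:%s) (?: [1-9]|[12]\d|3[01]) (?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d " % "|".join(MONTHS)
)

def parse_header(raw):
    """Split a datagram into (pri, timestamp, host, msg).
    timestamp and host are None when no valid BSD timestamp follows the PRI."""
    pri = 13  # priority a relay assigns when the PRI is missing (RFC 3164)
    m = PRI.match(raw)
    if m:
        pri, raw = int(m.group(1)), raw[m.end():]
    m = BSD_TS.match(raw)
    if m is None:
        # Fractional seconds or a time zone after hh:mm:ss also land here.
        return pri, None, None, raw
    host, _, msg = raw[m.end():].partition(" ")
    return pri, m.group(0).rstrip(), host, msg

def relay(raw, relay_host, now):
    """Re-emit a message as a relay would: keep a valid header,
    otherwise prepend the relay's own timestamp and hostname."""
    pri, ts, host, msg = parse_header(raw)
    if ts is None:
        ts = "%s %2d %s" % (MONTHS[now.month - 1], now.day, now.strftime("%H:%M:%S"))
        host = relay_host
    return "<%d>%s %s %s" % (pri, ts, host, msg)

# Constructed inputs built from the log text quoted in the thread.
# PRI 189 (local7.notice) and the exact on-wire layout are assumptions.
VALID = "<189>Jan 20 12:44:31 CiscoDev01 %SYS-5-CONFIG_I: Configured from 192.168.100.10 by snmp"
CISCO = "<189>7366: Jan 20 12:44:31.526 GMT: %SYS-5-CONFIG_I: Configured from 192.168.100.10 by snmp"

if __name__ == "__main__":
    now = datetime(2006, 1, 20, 12, 44, 32)  # constructed relay clock
    for raw in (VALID, CISCO):
        print(relay(raw, "SYSNG.it.net", now))
```

The first message passes through with its original host; the second is re-headed with the relay's name, which is why the downstream collector no longer attributes it to the device.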