"<134>" is the encoding of the facility severity as per RFC 3164 http://www.ietf.org/rfc/rfc3164.txt (section 4.1.1). Hopefully someone else on the list can point out why its appearing in your log messages. Can you post your syslog-ng version (syslog-ng -V) and relevant parts of your syslog-ng.conf file.
Florian Hines <lists@syn-recon.net> 01/08/09 8:59 AM >>> Hi Everyone,
I'm running into an issue where syslog-ng is adding extra characters to beginning of every line. Specifically, "<134>" is getting inserted right before the time stamp: <134>Jan 7 13:06:17 host1 kernel: device eth0 entered promiscuous mode This syslog-ng server is sending traffic to a remote Splunk instance (using TCP, not UDP), at first I though it was Splunk adding the characters but when I did a tcpdump on syslog-ng's outbound connection I found that they where already present. In addition to sending this traffic to Splunk the syslog-ng instance also log's local to a file. The <134> doesn't show up in the local file. Anyone have any ideas where this is coming from ? Thanks! Florian ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html