On Tue, Oct 10, 2006 at 12:30:36PM -0700, Evan Rempel wrote:
When logging from an AIX server, the format of the message can be
<$PRI>$DATE Message forwarded from $HOST: $MESSAGE
and syslog-ng handles this quite nicely, however, if an AIX machine is configured to use the "-s" option (short version) to the AIX syslogd subsystem, the message may be of the format
<$PRI>$DATE From $HOST: $MESSAGE
It would be nice if syslog-ng handled this as well.
I realize that I am asking for syslog-ng to "fix" another vendors problem, but in IBM's defense, starting in AIX 5.2 there is a "-n" option to syslogd that prevents it from prepending anything to a message, resulting in <$PRI>$DATE $MESSAGE
unfortunately, there is no host at all.
This is identical to how Solaris sends syslog messages. See: http://www.campin.net/syslog-ng/syslog.html#problems syslog-ng generally deals well with it, unless you get a program name with a space in it. The config directive bad_hostnames() was added to deal with them. I can explain in more detail if needed. This thread is the one that prompted Bazsi to add the feature: https://lists.balabit.hu/pipermail/syslog-ng/2003-January/004345.html -- Nate I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhauser gate. All those moments will be lost in time, like tears in rain. Time to die. -- Roy Batty, Blade Runner