Hello Ivan,

Most commonly there may be two main formats of logs that you may encounter.
One is the traditional BSD-style syslog, described in RFC 3164: https://tools.ietf.org/html/rfc3164
The other is the IETF-style log format, described in RFC 5424: https://tools.ietf.org/html/rfc5424

In case of syslog-ng you would have to either use network(transport(tcp|udp)) or syslog() or network(transport(tcp|udp) flags(syslog-protocol)) respectively.

The sample logs you included seem to resemble the IETF-style.
What type of source do you have configured in your syslog-ng setup? (Could you please share your config file?)

Best Regards,
János

--
Janos SZIGETVARI
RHCE, License no. 150-053-692 <https://www.redhat.com/rhtapps/verify/?certId=150-053-692>

Ivan Nepryahin - Bercut <Ivan.Nepryahin@bercut.com> wrote (on Thu, Mar 25, 2021, 14:56):
Hi all!
I think I have a stupid question, but I really don't know how to do this.
Situation: When I send a syslog message with the timestamp in the format "1Mar 25 2021 16:35:49", everything works great, but when I send a message with the timestamp in the format "1Mar 25 2021 16:35:49*+03:00*", syslog-ng adds two extra fields with a timestamp and IP address, and because of that the file naming breaks.
Question: How can I tell the syslog-ng server not to add extra fields when it gets a message with +03:00 in the timestamp?
Message without +03:00:
Mar 25 13:11:57 HUAWEI-CORE-OFFICE-1 <bla bla bal>
Message with +03:00:
Mar 25 13:46:45 192.168.100.34 Mar 25 2021 16:46:45*+03:00* HUAWEI-CORE-OFFICE-1 <bla bla bla>
I would appreciate any advice!
P.S. Sorry for my bad English, it is not my native language.
Best regards,
Nepryahin Ivan
IT Department
Phone: +7 812 327 32 33
Mobile: +7 911 291 81 68
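
An added example (not code from this thread or from syslog-ng): it checks a raw frame's header against the strict RFC 3164 and RFC 5424 grammars, recognises the year-plus-offset timestamp from Ivan's samples, and converts it to ISO 8601. The `<189>` priority, the message text, and the names `classify` and `normalize_timestamp` are constructed for illustration; real receivers may accept more timestamp variants than these strict patterns.

```python
import re
from datetime import datetime
from typing import Optional

# Strict header grammars from the two RFCs named in the reply above.
PRI = r"<\d{1,3}>"
RFC3164 = re.compile(
    PRI + r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
)
RFC5424 = re.compile(
    PRI + r"(?P<ver>[1-9]\d{0,2}) "
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"(?P<host>\S+) "
)
# Device variant seen in the thread: BSD-style date plus a year and optional UTC offset.
VENDOR = re.compile(
    PRI + r"(?P<ts>[A-Z][a-z]{2} [ \d]?\d \d{4} \d{2}:\d{2}:\d{2})"
    r"(?P<off>[+-]\d{2}:\d{2})? (?P<host>\S+) "
)

# Constructed frames: PRI and message text are made up, timestamps follow the thread.
SAMPLES = [
    "<189>Mar 25 13:11:57 HUAWEI-CORE-OFFICE-1 test message",
    "<189>Mar 25 2021 16:46:45+03:00 HUAWEI-CORE-OFFICE-1 test message",
    "<189>1 2021-03-25T16:46:45+03:00 HUAWEI-CORE-OFFICE-1 app - - - test message",
]


def classify(frame: str) -> str:
    """Return the name of the first header grammar the frame matches."""
    for name, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164),
                          ("vendor-bsd-with-year", VENDOR)):
        if pattern.match(frame):
            return name
    return "unparsed"


def normalize_timestamp(frame: str) -> Optional[str]:
    """Rewrite the vendor timestamp as ISO 8601, keeping the offset if present."""
    m = VENDOR.match(frame)
    if not m:
        return None
    parsed = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    return parsed.strftime("%Y-%m-%dT%H:%M:%S") + (m["off"] or "")


if __name__ == "__main__":
    for frame in SAMPLES:
        print(classify(frame), normalize_timestamp(frame), sep="\t")
```
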