We are using syslog-ng on an AIX system as the collection point for a
large network of IBM, Sun, and "communication device" systems.
In addition to logging the received messages, syslog-ng forwards
all messages on to named pipes which are monitored by a daemon
whose task it is to "real-time" watch for
"configurable" activity. (e.g.: "connection refused"
messages from a single external system occurring on multiple of our
systems, etc.) All of this is working just fine.

We have one Sun server which acts as the focus for messages from our CISCO
routers. That server forwards its messages on to our central syslog-ng
server. We now want to watch for failure condition messages from those
communication devices, making use of the daemon already in place. What
we're faced with though is the stripping of the original source detail
when the Sun box's syslogd forwards the message.

As an example of what we're facing, please see below the source substitution
performed by syslogd on the forward.

The original message (obviously with a bogus hostname)
as logged on the Sun server is:

Sep 11 09:42:01 dddd.ddd.ddd.ddd 2939: Sep 11 09:41:59 EDT: %LINK-4-ERROR: FastEthernet0/7 is experiencing errors

While that received by syslog-ng in the AIX system is:

Sep 11 09:40:57 ssss.sss.sss.sss 2939: Sep 11 09:41:59 EDT: %LINK-4-ERROR: FastEthernet0/7 is experiencing errors

My question is this: Is there a way to configure syslogd or syslog-ng so
that the entire original message is forwarded?

Thanks in advance!

John