On Mon, 2008-01-28 at 11:05 +0000, Tiago Gomes da Silva Mendo wrote:
Hi,
I have syslog-ng-premium-edition (2.1.8) on an Debian etch and multiple linuxs sending syslog messages to this server, using diferents PRIs.
The problem is with the windows agent (2.1.4). In the windows agent I have an message format like this: “<182>$DATE $HOST $EVENT_SOURCE: $MSG”, but at the server the received PRI is not 182.
At the server I get messages with the correct PRI when the syslog-ng agent is restarted:
“Jan 28 10:57:41 10.176.25.108 LogRelay: Application started”, with local6 and info, but every message I send through syslog-ng agent arrives at the server with user/notice (PRI 13).
Are you reading messages from files or you are sending out the EventLog records? If my assumption is true, then the difference between the LogRelay entry and the other messages is that the LogRelay entry is coming from the EventLog, and the others come from files, right? I ask my collegue to look into this. -- Bazsi