question regarding program name logs
Hello, I am currently using Syslog-NG version 2.0rc1. I've noticed that sometimes when Syslog-NG is logging messages, it prefixes something onto the program name which disrupts filters while matching against a program name. For example, in some logs for a program named "foo" I'll see logs in the form of "<15>foo" which fail to be matched against a filter of 'program("foo") '. This seems to only be noticed on logs which originate from remote hosts. Could anyone provide an explanation for what is going on with this? Regards, Justin Randall
Justin Randall wrote:
Hello,
I am currently using Syslog-NG version 2.0rc1.
I’ve noticed that sometimes when Syslog-NG is logging messages, it prefixes something onto the program name which disrupts filters while matching against a program name. For example, in some logs for a program named “foo” I’ll see logs in the form of “<15>foo” which fail to be matched against a filter of ‘program(“foo”) ‘. This seems to only be noticed on logs which originate from remote hosts.
Could anyone provide an explanation for what is going on with this?
the program name is supplied by the program in the call openlog to generate the log record, i.e. syslog-ng does not mess with this value it just takes what it is given. If you are getting variable text in this field I would look at the program that is generating the messages. BTW I apologise for my earlier message in response to Bazsi's announcement of RC2. It was meant to go to a colleague not to the list. Too early in the morning and not enough coffee! Russell
participants (2)
-
Justin Randall
-
Russell Fulton