Hi All!

I would like to send a UDP message to the syslog server without a timestamp.
I read RFC3164 and RFC5424 and syslog-ng-ose-guide-admin.pdf.
The new "RFC 5424 (also called the IETF-syslog protocol): see Section 2.8.2, IETF-syslog messages (p. 13)" supports NIL values "-" in the HEADER.

I sent this:
"<110>1 - hostname procname procid - - Message"

The syslog-ng server logged this:
"Sep 21 19:29:54 h164-19 1: - hostname procname procid - - Message"

Question: What is wrong in my message string? Why does the syslog-ng server not decode the "1" after ">" as the version? Can I send an old syslog message (RFC3164) without a timestamp?

Best Regards
Istvan Csuti

Hi,

The easiest way to drop the timestamp is on the syslog-ng server side, where you write the message into a file. There you can use a template, something like the one below. But why do you want to send a message without a timestamp?

destination d_file { file ("/var/log/messages" template("${MSG}\n") );};

I see. Then the easiest is probably to not bother with the timestamp on the sender (arduino) side, and set the keep-timestamp(no) option on the server side.

On Wed, Sep 21, 2016 at 9:41 PM, Csuti Istvan <icsuti@zalaszam.hu> wrote:

Hi!

I am writing a program on an Arduino embedded system. This device does not have a Real Time Clock. I sent the UDP syslog datagram from this device.

For one, I think you were sending your log messages not to an RFC5424 capable source, you need to use the syslog() driver, for example:

source src { syslog(transport(udp)); };

There are other transports available (like tcp or tls).

The NIL value at the date position seems to be supported, but I am not sure which version added this. I've checked out the current master.

But I think what you are after is the "no-parse" flag.

source src { tcp(flags(no-parse)); };

This means that the entire line received is stuffed into the $MSG name-value pair.

--
Bazsi

On Fri, Sep 23, 2016 at 11:28 AM, Csuti Istvan <icsuti@zalaszam.hu> wrote:

Hi All!

The solution is: use the old RFC3164 message syntax without a timestamp.

The UDP message is: "<prio>procname[procid]: LogMessage"

prio: byte 0-191 (see more information in RFC3164, https://www.ietf.org/rfc/rfc3164.txt)
procname: string (max length 48 characters)
procid: number (max length 128 characters)
Full UDP message length: 1024 characters

Best regards


participants (3)
- Csuti Istvan
- Fekete, Róbert
- Scheidler, Balázs