On Mon, 2008-01-28 at 11:05 +0000, Tiago Gomes da Silva Mendo wrote:
> Hi,
> I have syslog-ng-premium-edition (2.1.8) on a Debian etch and
> multiple Linuxes sending syslog messages to this server, using
> different PRIs.
> The problem is with the Windows agent (2.1.4). In the Windows agent I
> have a message format like this: "<182>$DATE $HOST $EVENT_SOURCE:
> $MSG", but at the server the received PRI is not 182.
> At the server I get messages with the correct PRI when the syslog-ng
> agent is restarted:
> "Jan 28 10:57:41 10.176.25.108 LogRelay: Application started", with
> local6 and info, but every message I send through syslog-ng agent
> arrives at the server with user/notice (PRI 13).

Are you reading messages from files or are you sending out the EventLog
records?
If my assumption is true, then the difference between the LogRelay entry
and the other messages is that the LogRelay entry is coming from the
EventLog, and the others come from files, right?
I ask my colleague to look into this.
--
Bazsi
You are right. The messages from the eventlog containers are getting to the server with the right PRI, but the ones from the files don't. Thanks
On Mon, 2008-01-28 at 11:54 +0000, Tiago Gomes da Silva Mendo wrote:
> On Mon, 2008-01-28 at 11:05 +0000, Tiago Gomes da Silva Mendo wrote:
> Hi,
> I have syslog-ng-premium-edition (2.1.8) on a Debian etch and multiple Linuxes sending syslog messages to this server, using different PRIs.
> The problem is with the Windows agent (2.1.4). In the Windows agent I have a message format like this: “<182>$DATE $HOST $EVENT_SOURCE: $MSG”, but at the server the received PRI is not 182.
> At the server I get messages with the correct PRI when the syslog-ng agent is restarted:
> “Jan 28 10:57:41 10.176.25.108 LogRelay: Application started”, with local6 and info, but every message I send through syslog-ng agent arrives at the server with user/notice (PRI 13).
> Are you reading messages from files or are you sending out the EventLog records?
> If my assumption is true, then the difference between the LogRelay entry and the other messages is that the LogRelay entry is coming from the EventLog, and the others come from files, right?
> I ask my colleague to look into this.

I've talked to my colleague, and as it seems the 2.1.x version of the agent does not support templates for lines coming from file sources. However the upcoming 2.2 version already does, but it's not ready for public consumption yet.
--
Bazsi
Hi Admin,
Please unsubscribe fengtingting2001@gmail.com
Thanks,
Tina
Bazsi/Others;
Where and how can I download the Windows agent? Or is this a "Premium" only download?
Thanks,
.vp
On Mon, 2008-01-28 at 12:42 -0500, wiskbroom@hotmail.com wrote:
> Bazsi/Others;
> Where and how can I download the Windows agent? Or is this a "Premium" only download?

Currently it is, however we're planning to do a free (as in beer) version of the Windows agent when syslog-ng 2.2 is released.
--
Bazsi
Thanks Bazsi, I just painted my friend's entire house for "free beer" :-(
.vp
On Mon, 2008-01-28 at 16:59 -0500, wiskbroom@hotmail.com wrote:
> Thanks Bazsi, I just painted my friend's entire house for "free beer" :-(

I don't see the reasoning behind the negative smiley, on "free beer" I meant that the agent will be free to use, but will not come with a free (as in freedom) license, e.g. it will not be GPLed.
Of course it is less than ideal (in an ideal world everything should be free and come with a GPL license), but this is something my company invested actual $$$s in, and I was happy I could convince our management team to allow at least a free version of the program.
--
Bazsi
That's totally understandable, I thank you and your firm in advance for the opportunity at testing and using it.
.vp
I'm curious about this: though the source is not "open", is it still available for review/compilation, or is the Windows agent distributed as a pre-compiled binary only? I'm curious because while I'd prefer (in theory) to use the syslog-ng agent on Windows machines to forward to my syslog-ng servers... one of the benefits of using the available ones (evtsys, snare) is the ability to at least diagnose, resolve, and post back fixes when necessary.
Obviously whatever your company decides is its right, but my policy is not to run free (unsupported) binary-only software because of the inability to at least post a sensible bug report.
Looking forward to checking it out either way however, since I'm also not against buying software ;)
Thanks for all the great work.
/eli
On Tue, 2008-01-29 at 10:22 -0800, Eli Stair wrote:
> I'm curious about this: though the source is not "open", is it still available for review/compilation, or is the Windows agent distributed as a pre-compiled binary only? I'm curious because while I'd prefer (in theory) to use the syslog-ng agent on Windows machines to forward to my syslog-ng servers... one of the benefits of using the available ones (evtsys, snare) is the ability to at least diagnose, resolve, and post back fixes when necessary.
> Obviously whatever your company decides is its right, but my policy is not to run free (unsupported) binary-only software because of the inability to at least post a sensible bug report.
> Looking forward to checking it out either way however, since I'm also not against buying software ;)

Thanks for this information, this is really useful. I'll try to convince my colleagues about this matter.
--
Bazsi
Hum, ok.
You said it didn't support templates, but I can get the agent to send the line with the format I want, only with the wrong PRI.
Can I get access to a beta version or something like that of that 2.2 version? I've got a premium license :)
When will that version be released?
Thanks
On Tue, 2008-01-29 at 11:03 +0000, Tiago Gomes da Silva Mendo wrote:
> Hum, ok.
> You said it didn't support templates, but I can get the agent to send the line with the format I want, only with the wrong PRI.
> Can I get access to a beta version or something like that of that 2.2 version? I've got a premium license :)
> When will that version be released?

The PE version of syslog-ng 2.2 is scheduled to be released Q2 2008, however the agent itself is in a very good state, so we can probably release a beta version sooner. I'll let you know when that happens.
--
Bazsi
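
Added example (not part of the original thread and not syslog-ng code): a receiver-side check for the symptom discussed above. It decodes the PRI of raw RFC 3164 frames and separates frames that carried `<13>` on the wire from frames that carried no PRI and therefore got the RFC 3164 default of 13 (user/notice). The frame list, the `app.log` program name and the function names are assumptions made for illustration.

```python
import re

# Facility and severity names by numeric code (RFC 3164 section 4.1.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
DEFAULT_PRI = 13  # user.notice: what RFC 3164 section 4.3.3 assigns when PRI is missing
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(pri):
    """Split a PRI value into (facility, severity) names: PRI = facility * 8 + severity."""
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]

def classify(frame):
    """Return (pri, facility, severity, on_wire) for one raw frame."""
    m = PRI_RE.match(frame)
    if m and int(m.group(1)) <= 191:   # 191 = local7.debug, the largest valid PRI
        pri, on_wire = int(m.group(1)), True
    else:
        pri, on_wire = DEFAULT_PRI, False
    return (pri, *decode_pri(pri), on_wire)

def audit(frames, expected_pri):
    """Report frames whose effective PRI differs from the one the sender was set to use."""
    findings = []
    for frame in frames:
        pri, fac, sev, on_wire = classify(frame)
        if pri != expected_pri:
            cause = ("sender put this PRI on the wire" if on_wire
                     else "no PRI on the wire, default applied")
            findings.append((f"{fac}.{sev}", cause, frame))
    return findings

# Constructed sample frames (not captured traffic); only the first line's text is from the thread.
SAMPLE_FRAMES = [
    "<182>Jan 28 10:57:41 10.176.25.108 LogRelay: Application started",
    "Jan 28 10:58:02 10.176.25.108 app.log: constructed line without a PRI header",
    "<13>Jan 28 10:58:05 10.176.25.108 app.log: constructed line with PRI 13",
]

if __name__ == "__main__":
    for result in audit(SAMPLE_FRAMES, expected_pri=182):
        print(result)
```

Run against frames captured on the server's listening port, this shows whether a user/notice classification comes from the sender or from the receiver's fallback.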