[syslog-ng]Can I prevent syslog-ng from prepending logs from other servers?

Victor Barahona victor.barahona@uam.es
Tue, 19 Dec 2000 17:20:41 +0100

Hash: SHA1

On Tuesday 19 December 2000 13:25, you wrote:
>William Yodlowsky on Mon, Dec 18, 2000 at 11:34:34PM -0500:
>> On Mon, Dec 18, 2000 at 05:09:20PM -0600, Matt Mencel wrote:
>> >  I am recieving web and ftp logs from another machine on my central
>> > logging machine.  Syslog-ng prepends the logs with a bunch of
>> > information that I don't need and it prevents Analog and Webalizer
>> > from parsing the logs correctly.  Is there a way to tell syslog-ng
>> > not to prepend this information
>> >  to certain logs?  Thanks.
>the main reason why you have replaced your original syslog are
>advanced filtering capabilities .. use them :)

William, I think you missunderstand the question from Matt.

The problem is that this is a normal (local) syslog message:

Tue Dec 19 16:18:14 2000 17 saraksh.alkar.net 65536 /ftp/data/fgf092.zip b 
_ o a Squid@ ftp 0 * i

This is the same in the log-server from syslog-ng:

Dec 19 16:18:20 local@limonero/limonero ftpd[3065]: [ID 735137 
daemon.info] xferlog (send): 25 saraksh.alkar.net 65536 
/ftp/data/fgf092.zip b _ o a Squid@ ftp 0 * i

When a program that parse those logs for statistic purpose (as webalizer) 
its fail because the logs are not in the format the webalizer expect.

I save the problem pre-processing the logs whith a script that write them 
in the right format in another file and then pass it to webalizer.

¿What are the reason because the syslog-ng use another different format in 
their logs?

Sorry for my english.


- -- 
"Alone? you are not alone, Bigbrother is watching you"

- ------------------------------------------------------------------------
Soporte Seguridad en red........................http://www.utc.uam.es/ss
Unidad Tecnica de Comunicaciones...................http://www.utc.uam.es
Universidad Autonoma de Madrid.........................http://www.uam.es
Tlf.- 91 397 5525                                      PGP ID-0x8750AB79
- ------------------------------------------------------------------------

Version: PGP 6.5.1i