[syslog-ng]syslog-ng mistreating data as part of the hostname ?

Hildenbrand, Patrick patrick.hildenbrand@sap.com
Mon, 14 Jan 2002 18:21:39 +0100


Hi everybody, 
getting logs from cabeltron ssr's into syslog-ng, we've some trouble. The
data sent (the was syslog will fromat it) is like the line below:
Jan 13 04:02:12 loghost %ACL_LOG-I-DENY, ACL [280] on "rtfa" UDP
192.168.1.2:4721 -> 14.9.1.3:53

using options keep_hostname(no); long_hostnames(no); chain_hostnames(on)
syslog-ng presents us:
Jan 13 04:02:12 %ACL_LOG-I-DENY,/loghost ACL [280] on "rtfa" UDP
192.168.1.2:4721 -> 14.9.1.3:53

changing chain_hostnames to off, we even get:
Jan 13 04:02:12 loghost  ACL [280] on "rtfa" UDP 192.168.1.2:4721 ->
14.9.1.3:53

so the important part about what happend to the router is lost (all messages
on the cabletron routers are formatted like this). It appears to me as if
syslog-ng while parsing adds the first value of the message to the hostname.
Is there some configuration setting to disable this ?

BTW: this is using 1.4.11 as well as with 1.5.13

Kind regards,

Patrick Hildenbrand