[syslog-ng]syslog-ng mistreating data as part of the hostname ?

Hildenbrand, Patrick patrick.hildenbrand@sap.com
Wed, 16 Jan 2002 17:14:11 +0100


some more info.

tracing the output of the SSR, the packet does not contain the hostname at
the proper place but only the timestamp. So the output looks like
(translated into ascii):
<174>Jan 13 04:02:12 %ACL_LOG-I-DENY, ACL [280] on "rtfa" UDP
192.168.1.2:4721 -> 14.9.1.3:53

The format as described in rfc3164 is only required for relays, which the
router is not, as it is the originator of the packet. In fact in the
standard it reads:
4.2 Original syslog Packets Generated by a Device
There are no set requirements on the contents of the syslog packet as it is
originally sent from a device. It should be reiterated here that the payload
of any IP packet destined to UDP port 514 MUST be considered to be a valid
syslog message. It is, however, RECOMMENDED that the syslog packet have all
of the parts described in Section 4.1 - PRI, HEADER and MSG - as this
enhances readability by the recipient and eliminates the need for a relay to
modify the message. 
Setting 'keep_hostname(yes)', the message will be displayed correctly but
without the hostname (contrary to the normal linux syslog). I could not
fiddle out a single set of options that would have given me the output of
the standard syslog. Any hints what I can do besides calling an external
Program ?


Mit besten Grüssen, 
Kind regards,

Patrick Hildenbrand

> Patrick Hildenbrand
> Operations & Technology 
> SAP Hosting AG & Co. KG
> Raiffeisenring 45
> 68789 St. Leon-Rot, Germany
> T   +49/6227/7-66410
> F   +49/6227/7-66301
> E   patrick.hildenbrand@sap.com
> http://www.saphosting.com
>