[syslog-ng]postfix logs mangled
Balazs Scheidler
bazsi@balabit.hu
Fri, 10 Jan 2003 09:26:54 +0100
On Fri, Jan 10, 2003 at 04:05:53PM +1000, Ken Blinco wrote:
> Hi,
>
> product: syslog-ng-1.5.24
> platform: linux 2.4.18 (redhat dist)
>
>
> I'm having a problem with postfix logs sent across the network through to syslog-ng which in turn pipes output through to a mysql server using the following directive:
> destination d_mysql
> pipe("/tmp/mysql.pipe"
> template("INSERT INTO syslogs (host, facilit etc etc...
>
>
> The output from postfix has the 'to' and 'from' address dropped:
> [snip]
> postfix/smtp[30704]: 157A6703B8: to=, relay=mail.domain.com....
> [end snip]
>
> It should look like this:
> [snip]
> postfix/smtp[30704]: 157A6703B8: to=<user@domain.com>, relay=mail.domain.com....
> [end snip]
>
> I'm guessing it's something to do with the '<' & '>' characters.
>
> I'll have to go through the source to see where it's going wrong, but was hoping that someone else out there had any similar sorts of problems and advice on how to fix.
the '<' and '>' characters should not cause problems like this as the whole
message is read until a '\n' is encountered and '<>' is interpreted at the
beginning of the line only.
try strace-ing syslog-ng to see what it exactly receives from postfix.
(we are logging postfix to syslog-ng without problems)
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1