[syslog-ng]syslog-ng misinterpreting messages from Enterasys Routers.

[Balazs Scheidler]

On Thu, Jan 23, 2003 at 11:21:24AM +0000, Ted_Rule@flextech.co.uk wrote:
> 
> 
> Having finally bitten the bullet and installed syslog-ng ( libol-0.3.6 /
> syslog-ng-1.5.24 ),
> I've only come across one problem... syslog messages from our Enterasys Routers
> are being
> corrupted. All Unix and Cisco messages appear Ok.
> [snip]
> 
> I note the version 1.5.25 has a bad_hostname() option. Is it possible that this
> may be used to alleviate this issue, or is some other workround
> needed? I'm guessing "keep_hostname(no)" might fix it, but would that
> potentially lead to other problems? Is there a summary of the algorithm
> which syslog-ng uses to determine whether the message contains a hostname?

There are two ways to overcome your problem:

1) check_hostname() is a global option that disallows '%' in hostnames, turn
  it on in your global options() section
2) use bad_hostname() 

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1