[syslog-ng]re-writing hostnames before sending over TCP
Thomas Morin
syslog-ng@lists.balabit.hu
Thu, 30 Oct 2003 08:24:39 +0100
Quote nate <syslog-ng@aphroland.org>:
|
| thanks! yep that seemed to work(changing /etc/hosts), I thought about it
| yesterday but didn't try it..but it looks like the log4j stuff isn't good
| enough, it's not obeying the configuration 100% which makes it very
| difficult
| to filter(I set it to log to facility local6 but a buncha stuff still
| comes
| through using the facility user, also I am having it preappend some text
| for filtering further, but that preappend doesn't occur on all entries),
| so looks like I won't be able to use syslog for log4j. was worth a shot
| at least, had high hopes! thanks again for the quick response
Well, what happens is that log4j uses the conversion pattern for the main part
of a message, but doesn't use it for appending the information related to a
throwable (java exception) given with the log message. I guess that this is
what is happening to you. Where I work, we have adapted the SyslogAppender
(inheriting from it, with an adapted append method, that adds a NULL chars in
the end of the messages (to work around a bug in syslog-ng)); you could very
well adapt it also to preprend something to the messages.
-Thomas