[syslog-ng] Normalizing syslogs from FreeBSD and Solaris machines
Ken McKittrick
syslog-ng@lists.balabit.hu
Thu, 5 Aug 2004 11:37:06 -0400
Hello
I can't seem to get syslog outputs from Postfix running on Solaris and
FreeBSD servers to look the same.
FreeBSD -
Aug 5 11:14:43 69.67.254.17 postfix/smtp[80999]: 9FAA9EB760:
to=<adams4@usadatanet.net>, relay=127.0.0.1[127.0.0.1], delay=1,
status=sent (250 2.6.0 Ok, id=81995-01, from MTA: 250 Ok: queued as
E16ECEB7CD)
This corresponds to $DATE $HOST $MESSAGE; yes, the postfix/smtp[80999],
which would be $PROGRAM, is actually part of the $MESSAGE.
Solaris -
Aug 5 11:16:06 69.67.254.10 postfix/smtp[10111]: [ID 197553 mail.info]
B3391B26D: to=<taptoes@usadatanet.net>, relay=127.0.0.1[127.0.0.1],
delay=2, status=sent (250 2.6.0 Ok, id=11585-10, from MTA: 250 Ok:
queued as 9190DAE91)
This corresponds to $DATE $PROGRAM $MESSAGE, which is closer to what I
would expect.
My main problem is that Solaris stuffs the ID and facility.priority
into the message itself. I've tried logging with defined message
formats and that doesn't seem to help.
So how can I gracefully remove the [ID xxxxxx Facility.Priority] from
the message in the Solaris log lines?
Thanks
Ken McKittrick
ISP Engineer
USADatanet
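
One way to bring the two formats together after collection, as an added example that is not part of the original post and not syslog-ng configuration: a Python filter that parses both line shapes and drops the Solaris "[ID n facility.priority]" tag only when it sits directly after the program tag. The function names and the sample lines (documentation addresses, example.net recipients) are constructed for illustration.

```python
import re

# Solaris inserts "[ID <number> <facility>.<priority>]" right after "program[pid]:".
# Anchored at the start of the message so the same text deeper in a body is kept.
SOLARIS_MSGID = re.compile(
    r"^\[ID (?P<msgid>\d+) (?P<facility>[a-z0-9]+)\.(?P<priority>[a-z]+)\] ?")

# "Mon D HH:MM:SS host program[pid]: rest", the shape of both samples in the post.
LINE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$")

def parse(line):
    """Split a line into fields; return None if it does not match the shape."""
    m = LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["msgid"] = rec["facility"] = rec["priority"] = None
    tag = SOLARIS_MSGID.match(rec["message"])
    if tag:
        # Keep the tag's contents as fields instead of discarding them.
        rec.update(tag.groupdict())
        rec["message"] = rec["message"][tag.end():]
    return rec

def normalize(line):
    """Rebuild the line without the Solaris tag; pass unknown lines through."""
    rec = parse(line)
    if rec is None:
        return line.rstrip("\n")
    pid = "[%s]" % rec["pid"] if rec["pid"] else ""
    return "%s %s %s%s: %s" % (
        rec["date"], rec["host"], rec["program"], pid, rec["message"])

# Constructed samples modelled on the two lines in the post.
FREEBSD = ("Aug 5 11:14:43 192.0.2.17 postfix/smtp[80999]: 9FAA9EB760: "
           "to=<user@example.net>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent")
SOLARIS = ("Aug 5 11:16:06 192.0.2.10 postfix/smtp[10111]: [ID 197553 mail.info] "
           "B3391B26D: to=<user@example.net>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent")

if __name__ == "__main__":
    for sample in (FREEBSD, SOLARIS):
        print(normalize(sample))
```

The facility and priority taken from the tag stay available in the parsed record, so they can still be used for filtering after the tag is gone from the message text.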