FW: [syslog-ng] syslog-ng 1.6.8 bug: not maintaining priority

[SheBang]

-----Original Message-----

> From: syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Evan Rempel
> Sent: Thursday, September 15, 2005 10:51 AM
> To: Syslog-ng users' and developers' mailing list
> Subject: [syslog-ng] syslog-ng 1.6.8 bug: not maintaining priority
> 
> 
> If I use the template option for TCP or UDP destinations, the priority
> of a message is always user.notice.
> 
> <snip>
> 
> and I got the following in the /var/log/syslog-ng file
> 
> Sep 15 10:38:51 cashmere.comp.uvic.ca <http://cashmere.comp.uvic.ca> user 
> notice ftp alert From
> cashmere.comp.uvic.ca <http://cashmere.comp.uvic.ca>: sysprog: everything 
> is wrong
> 
> Notice that the udp sent message contains the original ftp.alert
> priority, but when the message is received via UDP, the message has
> priority user.notice.
> 
> Am I doing something wrong?
> 
> 
Check out the detailed syslog explanation at:

http://www.campin.net/syslog-ng/syslog.html

Since your message isn't "<PRI>HEADER MSG" it's being rewriten in accordance 
with standard syslog practice and RFC3164. I didn't know syslog-ng doesn't 
put a <PRI> field in the beginning no matter what, but it makes sense that 
it wouldn't when you're specifying the format yourself. You'll have to add 
it.

Problem is, I don't know that you can. Going by what's on the FAQ:

$TAG
Hex representaiton of the 32-bit priority/facility pair (see
/usr/include/sys/syslog.h)
1f

You can't use a hex number there, it needs to be decimal. I don't see a 
macro that we can use to properly set the decimal <PRI> in the beginning of 
a templated message. Bazsi, can you shed any light on this?

BTW, I think most formatting questions can be answered by people on their 
own after they read that syslog explanation page.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20050915/c3f86486/attachment.htm