[syslog-ng] Tool to determine facility and severity from syslog packets

Szeti, Balazs szeti.balazs at hp.com
Tue Dec 5 15:39:36 CET 2006


Isn't that good for you, if you write a syslog-ng template using these
macros?:

FACILITY: The name of the facility from where the message originates.
PRIORITY or LEVEL: The priority of the message.
TAG: The priority and facility encoded as a 2 digit hexadecimal number.
PRI: The priority and facility encoded as a 2 or 3 digit decimal number
as it is present in syslog messages.

So if you log everything into one file with the facility/priority placed
in the message this way (using a template), then you can determine the
facility of your devices. (I'm sure you can recognize the messages sent
by the devices, so you can distinguish them from each other.)

Balazs 

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Justin Shore
Sent: Tuesday, December 05, 2006 4:55 AM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Tool to determine facility and severity from
syslog packets

Does anyone know of a tool to read the facility and severity info from
inbound syslog packets?  I have a number of devices that are sending me
syslog info and I can't determine what facility they're using.  These
devices can't be set to use specific facilities unfortunately.  It would
be ideal if I could read the data out of a raw dump from tcpdump or at
least be able to bind it to 514/udp and prepend facility/severity info
on each log line.  

Along the same lines it would be sweet if there was a way to rewrite the
facility information in inbound syslog packets (based on source IP)
before passing them to your favorite syslog server.  This would be ideal
for occasions such as this.

Any info would be greatly appreciated.  Thanks

Justin