[syslog-ng] Syslog message reformat
Balazs Scheidler
bazsi at balabit.hu
Wed Jan 4 15:43:38 CET 2006
On Wed, 2006-01-04 at 14:31 +1000, Michael Gehrmann wrote:
>
> I have a vendor who has implemented their syslog message with a year
> in the date field e.g. Apr 15 10:06:19 2005
>
> The vendor believes this to be a correct interpretation of the RFC
> (it's wrong if you read the next two paragraphs in the RFC) and will
> not change their software.
>
> Has anyone got any ideas on how I can kill the year field so I can use
> standard reporting/filtering tools?
syslog-ng could be patched to support this timestamp and then generate a
timestamp on its own as per syslog-ng's settings. The proper place is
log.c, parse_log_msg() in syslog-ng 1.6.x and log_msg_parse() in
logmsg.c in syslog-ng 1.9.x
--
Bazsi
More information about the syslog-ng
mailing list