[syslog-ng] Losing TAG information

SOLIS, ALEX asolis at oppd.com
Mon Jun 19 19:13:25 CEST 2006 

Thank you for your reply Evan.

So, if you attempt what I did in bullet two in the previous post below
do you get different results?  If you do, then maybe I should consider
upgrading my version of syslog-ng.  Thanks again.


Alex


-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Evan Rempel
Sent: Monday, June 19, 2006 10:38 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Losing TAG information

All I can really add is that we have a mix ov AIX 4.3.3 through 5.3 that
are logging to a linux syslog-ng 1.6.8 machine 
and we are not experiencing the symptoms that you describe. I have a
couple of applications where the tag ends up being 
"syslog" when it should be something else, but that is quite a bit
different than removing it entirely.

Evan.

SOLIS, ALEX wrote:
> I appreciate your sympathy but it does not help me with my TAG
problem.
> :)
> 
> Anyone else have any idea how to stop syslog-ng from purging the TAG
> information from an AIX syslogd message.  I have successfully sniffed
> syslog traffic between the AIX servers and my LOGHOST.  The TAG
(Process
> Name info) is definitely intact on the wire.  This confirms that
> syslog-ng is simply parsing the log message and removing the TAG info.
> 
> I did some more tests on the Linux LOGHOST using the logger utility
and
> I found that syslog-ng does not like spaces after the TAG information.
> For example:
> 
> 1)	   Logger -p syslog.info -t "TEST_TAG" "TEST_MESSAGE"
> 	
> 	Generates the log:
> 
> 	   Jun 19 08:42:38 loghost TEST_TAG: TEST_MESSAGE
> 
> 	
> 2)	   Logger -p syslog.info -t "TEST_TAG " "TEST_MESSAGE"
> 
> 	Generates the log:
> 
> 	    Jun 19 08:44:08 loghost : TEST_MESSAGE
> 
> Example two lost the TAG information because of the space after
> TEST_TAG.  I have considered the possibility that the messages being
> sent from the AIX box do not conform to syslog formatting standards
and
> therefore syslog-ng discards the field.  But I would like to know if
> there is anything that can be done to stop this behavior. 
> 
> Thanks for all responses, even sympathetic ones. :)
> 
> Alex
> 	
> 
> -----Original Message-----
> From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu] 
> Sent: Tuesday, June 13, 2006 9:09 PM
> To: SOLIS, ALEX
> Subject: Re: [syslog-ng] Losing TAG information
> 
> On Tue, 13 Jun 2006 10:07:33 CDT, "SOLIS, ALEX" said:
> 
>  (off-list reply)
> 
>> I have about 20 or so AIX 4.3 servers that are sending syslog
messages
>> to a Linux desktop running syslog-ng 1.6.5. 
> 
> You have my condolences.  IBM dropped support for even AIX 4.3.3
several
> years ago - hopefully you're not having problems keeping the software
> running and secure...
> -----Original Message-----
> From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu] 
> Sent: Tuesday, June 13, 2006 9:09 PM
> To: SOLIS, ALEX
> Subject: Re: [syslog-ng] Losing TAG information
> 
> On Tue, 13 Jun 2006 10:07:33 CDT, "SOLIS, ALEX" said:
> 
>  (off-list reply)
> 
>> I have about 20 or so AIX 4.3 servers that are sending syslog
messages
>> to a Linux desktop running syslog-ng 1.6.5. 
> 
> You have my condolences.  IBM dropped support for even AIX 4.3.3
several
> years ago - hopefully you're not having problems keeping the software
> running and secure...
> 
> This e-mail contains Omaha Public Power District's confidential and
proprietary information and is for use only by the intended recipient.
Unless explicitly stated otherwise, this e-mail is not a contract offer,
amendment, nor acceptance.  If you are not the intended recipient you
are notified that disclosing, copying, distributing or taking any action
in reliance on the contents of this information is strictly prohibited.
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
> 


-- 
Evan Rempel                erempel at uvic.ca
Senior Programmer Analyst        250.721.7691
Computing Services
University of Victoria
_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html


This e-mail contains Omaha Public Power District's confidential and proprietary information and is for use only by the intended recipient.  Unless explicitly stated otherwise, this e-mail is not a contract offer, amendment, nor acceptance.  If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

More information about the syslog-ng mailing list