[syslog-ng] Losing TAG information

Evan Rempel erempel at uvic.ca
Mon Jun 19 19:50:00 CEST 2006 

In an AIX 5.2 machine

% logger -t evan funny
% logger -t "evan " funny

results in

Jun 19 10:47:17 casa.comp.uvic.ca casa: evan: funny
Jun 19 10:47:25 casa.comp.uvic.ca casa: evan : funny

In AIX 4.3.3

% logger -t evan funny
% logger -t "evan " funny

results in

Jun 19 10:48:57 casual.uvic.ca casual: evan: funny
Jun 19 10:49:03 casual.uvic.ca casual: evan : funny

So, it would appear that the 1.6.8 syslog-ng does not suffer from the symptoms you describe.

Evan.

SOLIS, ALEX wrote:
> Thank you for your reply Evan.
> 
> So, if you attempt what I did in bullet two in the previous post below
> do you get different results?  If you do, then maybe I should consider
> upgrading my version of syslog-ng.  Thanks again.
> 
> 
> Alex
> 
> 
> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Evan Rempel
> Sent: Monday, June 19, 2006 10:38 AM
> To: Syslog-ng users' and developers' mailing list
> Subject: Re: [syslog-ng] Losing TAG information
> 
> All I can really add is that we have a mix ov AIX 4.3.3 through 5.3 that
> are logging to a linux syslog-ng 1.6.8 machine 
> and we are not experiencing the symptoms that you describe. I have a
> couple of applications where the tag ends up being 
> "syslog" when it should be something else, but that is quite a bit
> different than removing it entirely.
> 
> Evan.
> 
> SOLIS, ALEX wrote:
>> I appreciate your sympathy but it does not help me with my TAG
> problem.
>> :)
>>
>> Anyone else have any idea how to stop syslog-ng from purging the TAG
>> information from an AIX syslogd message.  I have successfully sniffed
>> syslog traffic between the AIX servers and my LOGHOST.  The TAG
> (Process
>> Name info) is definitely intact on the wire.  This confirms that
>> syslog-ng is simply parsing the log message and removing the TAG info.
>>
>> I did some more tests on the Linux LOGHOST using the logger utility
> and
>> I found that syslog-ng does not like spaces after the TAG information.
>> For example:
>>
>> 1)	   Logger -p syslog.info -t "TEST_TAG" "TEST_MESSAGE"
>> 	
>> 	Generates the log:
>>
>> 	   Jun 19 08:42:38 loghost TEST_TAG: TEST_MESSAGE
>>
>> 	
>> 2)	   Logger -p syslog.info -t "TEST_TAG " "TEST_MESSAGE"
>>
>> 	Generates the log:
>>
>> 	    Jun 19 08:44:08 loghost : TEST_MESSAGE
>>
>> Example two lost the TAG information because of the space after
>> TEST_TAG.  I have considered the possibility that the messages being
>> sent from the AIX box do not conform to syslog formatting standards
> and
>> therefore syslog-ng discards the field.  But I would like to know if
>> there is anything that can be done to stop this behavior. 
>>
>> Thanks for all responses, even sympathetic ones. :)
>>
>> Alex
>> 	
>>
>> -----Original Message-----
>> From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu] 
>> Sent: Tuesday, June 13, 2006 9:09 PM
>> To: SOLIS, ALEX
>> Subject: Re: [syslog-ng] Losing TAG information
>>
>> On Tue, 13 Jun 2006 10:07:33 CDT, "SOLIS, ALEX" said:
>>
>>  (off-list reply)
>>
>>> I have about 20 or so AIX 4.3 servers that are sending syslog
> messages
>>> to a Linux desktop running syslog-ng 1.6.5. 
>> You have my condolences.  IBM dropped support for even AIX 4.3.3
> several
>> years ago - hopefully you're not having problems keeping the software
>> running and secure...
>> -----Original Message-----
>> From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu] 
>> Sent: Tuesday, June 13, 2006 9:09 PM
>> To: SOLIS, ALEX
>> Subject: Re: [syslog-ng] Losing TAG information
>>
>> On Tue, 13 Jun 2006 10:07:33 CDT, "SOLIS, ALEX" said:
>>
>>  (off-list reply)
>>
>>> I have about 20 or so AIX 4.3 servers that are sending syslog
> messages
>>> to a Linux desktop running syslog-ng 1.6.5. 
>> You have my condolences.  IBM dropped support for even AIX 4.3.3
> several
>> years ago - hopefully you're not having problems keeping the software
>> running and secure...
>>
>> This e-mail contains Omaha Public Power District's confidential and
> proprietary information and is for use only by the intended recipient.
> Unless explicitly stated otherwise, this e-mail is not a contract offer,
> amendment, nor acceptance.  If you are not the intended recipient you
> are notified that disclosing, copying, distributing or taking any action
> in reliance on the contents of this information is strictly prohibited.
>> _______________________________________________
>> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
>> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>>
>>
> 
> 


-- 
Evan Rempel                erempel at uvic.ca
Senior Programmer Analyst        250.721.7691
Computing Services
University of Victoria

More information about the syslog-ng mailing list