[syslog-ng] AIX syslogd alternate message format
Nate Campi
nate at campin.net
Wed Oct 11 17:50:36 CEST 2006
On Tue, Oct 10, 2006 at 12:30:36PM -0700, Evan Rempel wrote:
> When logging from an AIX server, the format of the message can be
>
> <$PRI>$DATE Message forwarded from $HOST: $MESSAGE
>
> and syslog-ng handles this quite nicely, however, if an AIX machine is
> configured to use the "-s" option (short version) to the AIX syslogd
> subsystem, the message may be of the format
>
> <$PRI>$DATE From $HOST: $MESSAGE
>
> It would be nice if syslog-ng handled this as well.
>
> I realize that I am asking for syslog-ng to "fix" another vendors problem,
> but in IBM's defense, starting in AIX 5.2 there is a "-n" option to syslogd
> that prevents it from prepending anything to a message, resulting in
> <$PRI>$DATE $MESSAGE
>
> unfortunately, there is no host at all.
This is identical to how Solaris sends syslog messages. See:
http://www.campin.net/syslog-ng/syslog.html#problems
syslog-ng generally deals well with it, unless you get a program name
with a space in it. The config directive bad_hostnames() was added to
deal with them.
I can explain in more detail if needed. This thread is the one that
prompted Bazsi to add the feature:
https://lists.balabit.hu/pipermail/syslog-ng/2003-January/004345.html
--
Nate
I've seen things you people wouldn't believe. Attack ships on fire off
the shoulder of Orion. I watched C-beams glitter in the dark near the
Tannhauser gate. All those moments will be lost in time, like tears in
rain. Time to die. -- Roy Batty, Blade Runner
More information about the syslog-ng
mailing list