[syslog-ng] AIX syslogd alternate message format
Evan Rempel
erempel at uvic.ca
Wed Oct 11 18:00:25 CEST 2006
Nate Campi wrote:
> On Tue, Oct 10, 2006 at 12:30:36PM -0700, Evan Rempel wrote:
>> When logging from an AIX server, the format of the message can be
>>
>> <$PRI>$DATE Message forwarded from $HOST: $MESSAGE
>>
>> and syslog-ng handles this quite nicely, however, if an AIX machine is
>> configured to use the "-s" option (short version) to the AIX syslogd
>> subsystem, the message may be of the format
>>
>> <$PRI>$DATE From $HOST: $MESSAGE
>>
>> It would be nice if syslog-ng handled this as well.
>>
>> I realize that I am asking for syslog-ng to "fix" another vendors problem,
>> but in IBM's defense, starting in AIX 5.2 there is a "-n" option to syslogd
>> that prevents it from prepending anything to a message, resulting in
>> <$PRI>$DATE $MESSAGE
>>
>> unfortunately, there is no host at all.
>
> This is identical to how Solaris sends syslog messages. See:
>
> http://www.campin.net/syslog-ng/syslog.html#problems
>
> syslog-ng generally deals well with it, unless you get a program name
> with a space in it. The config directive bad_hostnames() was added to
> deal with them.
>
> I can explain in more detail if needed. This thread is the one that
> prompted Bazsi to add the feature:
>
> https://lists.balabit.hu/pipermail/syslog-ng/2003-January/004345.html
>
Yes, except that you missed the part about a message of the format
<$PRI>$DATE From $HOST: $MESSAGE
that does have a host in it, but it is not the first word, and it also has a : in it.
Looking at the source code, this specific format is not handled the same as the format
<$PRI>$DATE Message forwarded from $HOST: $MESSAGE
which is handled explicitly.
It is this shortened relay format that I would like to have added to syslong-ng.
Evan.
--
Evan Rempel erempel at uvic.ca
Senior Programmer Analyst 250.721.7691
Computing Services
University of Victoria
More information about the syslog-ng
mailing list