[syslog-ng] template-escape option and tabs problem

Manuel Mora manuelmora at gmail.com
Thu Sep 7 08:43:46 CEST 2006

Hi, I'm using syslog-ng as a central logging server. We are
redirecting some machines' logs to a FIFO pipe that is connected to
a MySQL DB via a bash script (the typical syslog-ng, MySQL and
php-syslog-ng scenario).

destination d_mysql {
  template("INSERT INTO logs (host, facility, priority, level, tag,
datetime, program, msg)

Our Windows machines are forwarding logs to the central logging server
using SNARE, and SNARE uses horizontal tabs as the field separator. Early
on we started to notice that the messages had a strange format in our DB,
so we redirected logs to a file using the same template to check
for problems.

In the field corresponding to '$MSG' we obtained the following message
(with \011\ instead of tabs):

Sep 06 11:20:06 2006\011540\011Security\011ANONYMOUS LOGON\011Well
Known Group\011Success
Audit\011EMGDCW502\011Logon/Logoff\011\011Successful Network Logon:
 User Name:      Domain:      Logon ID: (0x1,0xFAC17236)     Logon
Type: 3     Logon Process: NtLmSsp      Authentication Package: NTLM
  Workstation Name: EMCANW501     Logon GUID: -     Caller User Name:
-     Caller Domain: -     Caller Logon ID: -     Caller Process ID: -
    Transited Services: -     Source Network Address:
 Source Port: 0    \01111688641'

If we use template-escape(no) the message is received correctly, so
there is a problem with the parsing when template-escape is set to
yes: it affects tab characters, and it should affect only ' and ".

Are there any solutions for this?

Best Regards.
Manuel Mora
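
An added example, not part of the original post or of syslog-ng: template-escape exists to keep message content from being interpreted as SQL in a pipeline like this one, so rows stored in escaped form can be decoded when they are read instead. It assumes control bytes appear as a backslash plus three octal digits (as in the sample above) and that quotes and backslashes are backslash-escaped; the function name and sample message are constructed.

```python
import re

# Constructed sample modelled on the message above: SNARE fields whose
# tab separators were stored as the four characters \011.
SAMPLE_MSG = (
    r"Sep 06 11:20:06 2006\011540\011Security\011ANONYMOUS LOGON"
    r"\011Well Known Group\011Success Audit\011HOST01\011Logon/Logoff"
    r"\011\011Successful Network Logon: User Name: Domain:\01142"
)

# Assumption: an escape is a backslash followed by either three octal
# digits (a control byte) or one of ' " \ (a quoted character).
_ESCAPE = re.compile(r"\\(?:([0-3][0-7]{2})|(['\"\\]))")


def split_snare_fields(msg: str) -> list[str]:
    """Split a stored, escaped message into its original tab-separated fields.

    Escapes are consumed left to right, so an escaped backslash followed
    by the digits 011 stays literal text and is not taken for a separator.
    """
    fields, current, pos = [], [], 0
    for m in _ESCAPE.finditer(msg):
        current.append(msg[pos:m.start()])
        pos = m.end()
        if m.group(1) == "011":
            # Escaped horizontal tab: this is a SNARE field boundary.
            fields.append("".join(current))
            current = []
        elif m.group(1):
            # Any other escaped byte is restored inside the field.
            current.append(chr(int(m.group(1), 8)))
        else:
            # Escaped quote or backslash: keep the character itself.
            current.append(m.group(2))
    current.append(msg[pos:])
    fields.append("".join(current))
    return fields


if __name__ == "__main__":
    for index, field in enumerate(split_snare_fields(SAMPLE_MSG)):
        print(index, repr(field))
```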
