[syslog-ng] question regarding program name logs
Russell Fulton
r.fulton at auckland.ac.nz
Tue Sep 12 00:34:18 CEST 2006
Justin Randall wrote:
> Hello,
>
>
>
> I am currently using Syslog-NG version 2.0rc1.
>
>
>
> I’ve noticed that sometimes when Syslog-NG is logging messages, it
> prefixes something onto the program name which disrupts filters while
> matching against a program name. For example, in some logs for a
> program named “foo” I’ll see logs in the form of “<15>foo” which fail to
> be matched against a filter of ‘program(“foo”) ‘. This seems to only be
> noticed on logs which originate from remote hosts.
>
>
>
> Could anyone provide an explanation for what is going on with this?
>
the program name is supplied by the program in the call openlog to
generate the log record, i.e. syslog-ng does not mess with this value it
just takes what it is given. If you are getting variable text in this
field I would look at the program that is generating the messages.
BTW I apologise for my earlier message in response to Bazsi's
announcement of RC2. It was meant to go to a colleague not to the list.
Too early in the morning and not enough coffee!
Russell
More information about the syslog-ng
mailing list