[syslog-ng] strangeness regarding hostname parsing
Nate Campi
nate at campin.net
Sun Jan 28 07:48:12 CET 2007
On Sun, Jan 28, 2007 at 01:18:23AM +0100, Wolfram Schlich wrote:
>
> I am using syslog-ng 2.0.1.
>
> Running the command...
>
> $ logger -t "foo bar" baz
>
> ...results in syslog-ng using "foo" as the hostname and "bar: baz"
> as the message!
>
> This is a problem, for example with gconfd, which uses a tag like
> "gconfd (USERNAME-PID)".
>
> So, something seems to be wrong regarding the message parsing
> and whitespaces -> file src/logmsg.c, function log_msg_parse().
When syslog messages come in, it's hard for a syslog daemon sometimes to
figure out which fields are which. I've described the different syslog
formats that different UNIXes send (which is the cause of the problems)
on this page:
http://www.campin.net/syslog-ng/syslog.html
In this case you'll need to use the bad_hostnames() option to tell
syslog-ng about the gconfd program names. It does take a regexp IIRC so
you should be good to go using that.
--
Nate
"If Microsoft can change and compete on quality, I've won."
-- L. Torvalds
More information about the syslog-ng
mailing list