[syslog-ng] syslog-ng as a relay

Moxey, Joel, VF UK - Technology (TS) Joel.Moxey at vodafone.com
Tue Jun 19 11:14:24 CEST 2007


I am trying to work out if syslog-ng can act as a relay without doing
"noticeable" changes to the syslog message in terms of what the syslog
server sees.

The problem: 

1)	The device sends non-standard syslog messages
2)	The syslog needs to go to 2 end systems, the device supports 1
3)	One of the end devices needs to receive the syslog in exactly
the same 	for as originally sent by the device

So, I have been trying destinations as follows:

destination d_remote {
	udp("X.X.X.X" port(514) spoof_source(yes)
	udp("Y.Y.Y.Y" port(514) spoof_source(yes)

I have also tried various combinations having "template" and adding
FACILITY and LEVEL, but I am current failing to reproduce the original

My results:

Template			Result
None				Relayed message has standard date and
hostname added 				which weren't in original
$MESSAGE\n			Syslog facility and priority headers are
stripped 				away from relayed messages.

Adding $FACILITY and $LEVEL/$PRIORITY doesn't seem to do what I need as
they don't appear to go into the right fields, and syslog-ng appears to
put KERN.EMERG in instead...

The version I am running on is 2.0.4.

If anyone has managed to get this working like this, I would be grateful
of any pointers.



More information about the syslog-ng mailing list