[syslog-ng] syslog-ng as a relay
Moxey, Joel, VF UK - Technology (TS)
Joel.Moxey at vodafone.com
Tue Jun 19 11:14:24 CEST 2007
Hi!
I am trying to work out if syslog-ng can act as a relay without doing
"noticeable" changes to the syslog message in terms of what the syslog
server sees.
The problem:
1) The device sends non-standard syslog messages
2) The syslog needs to go to 2 end systems, the device supports 1
3) One of the end devices needs to receive the syslog in exactly
the same for as originally sent by the device
So, I have been trying destinations as follows:
destination d_remote {
udp("X.X.X.X" port(514) spoof_source(yes)
template("$MESSAGE\n"));
udp("Y.Y.Y.Y" port(514) spoof_source(yes)
template("$MESSAGE\n"));
};
I have also tried various combinations having "template" and adding
FACILITY and LEVEL, but I am current failing to reproduce the original
packet.
My results:
Template Result
==========================================
None Relayed message has standard date and
hostname added which weren't in original
package.
$MESSAGE\n Syslog facility and priority headers are
stripped away from relayed messages.
Adding $FACILITY and $LEVEL/$PRIORITY doesn't seem to do what I need as
they don't appear to go into the right fields, and syslog-ng appears to
put KERN.EMERG in instead...
The version I am running on is 2.0.4.
If anyone has managed to get this working like this, I would be grateful
of any pointers.
Thanks,
Joel
More information about the syslog-ng
mailing list