[syslog-ng] ArcSight Server As Destination?
Jason Qualkenbush
jqualkenbush at gmail.com
Thu May 17 17:49:56 CEST 2007
On 5/17/07, Evan Rempel <erempel at uvic.ca> wrote:
> Balazs Scheidler wrote:
> > Syslog-ng forwards messages in the same
> > format as it receives it, it does not prepend headers, only replaces
> > values if it is configured to do so.
>
> Really? My experience is one where syslong-ng receives a syslog message that does NOT
> contain a timestamp, and syslog-ng forwards it with a timestamp because the receiver
> portion of syslog-ng has added a timestamp.
>
> Am I remembering this incorrectly or confusing this with some custom template?
I think that behavior is defined in the syslog-ng options.
options {
use_time_recvd (yes);
};
More information about the syslog-ng
mailing list