[syslog-ng] ArcSight Server As Destination?

Balazs Scheidler bazsi at balabit.hu
Thu May 17 21:45:23 CEST 2007


On Thu, 2007-05-17 at 08:38 -0700, Evan Rempel wrote:
> Balazs Scheidler wrote:
> > Syslog-ng forwards messages in the same
> > format as it receives it, it does not prepend headers, only replaces
> > values if it is configured to do so.
> 
> Really? My experience is one where syslog-ng receives a syslog message that does NOT
> contain a timestamp, and syslog-ng forwards it with a timestamp because the receiver
> portion of syslog-ng has added a timestamp.

I meant that syslog messages are forwarded as syslog messages. If your
incoming messages lack a header, then those are not syslog messages.

You can remove outgoing headers by using a custom template and not
adding the $DATE and $HOST portions.

You can also prevent syslog-ng from trying to parse a message as a syslog
message by using the flags(no-parse) option for the source.

-- 
Bazsi
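
The two options described in the reply above, put together as a syslog-ng configuration fragment. This is an added example, not configuration from the original post; the names s_raw and d_arcsight, the listening port and the destination address 192.0.2.10 are placeholders.

```conf
# Added example: all names, ports and addresses are placeholders.

source s_raw {
    # flags(no-parse): do not try to interpret incoming data as a syslog
    # message; the received line is kept whole as the message text.
    udp(ip(0.0.0.0) port(514) flags(no-parse));
};

destination d_arcsight {
    # Custom template that leaves out $DATE and $HOST, so no header is
    # written in front of the message text on the way out.
    tcp("192.0.2.10" port(514) template("$MSG\n"));
};

log {
    source(s_raw);
    destination(d_arcsight);
};
```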


