[syslog-ng] syslog-ng relay pre-pends headers

Mike Fratto mfratto at gmail.com
Tue Nov 6 16:27:53 CET 2007


Baszi,

I am inspecting on the relay itself. Pasted below is the sent message
and the relayed message. The sent message appears to be rfc3164
formatted already. In the relayed message, syslog-ng pre-pends the
sent time stamp and the hostname onto the existing message. For
messages that send raw non rfc-3164 formatted messages, that's OK
(desired in fact), but for sources that do send rfc-3164 formatted
messages, it's redundant. I also pasted my config file at the end.

I started out wanting syslog-ng to transparently forward messages. So
is what I am seeing the expected behavior?

But after looking more deeply at the sources, what I want to do is
have syslog-ng reformat non-rfc3164 messages to that format (which I
can do with macros).

mike


10:06:14.322290 IP (tos 0x0, ttl 127, id 29867, offset 0, flags
[none], proto UDP (17), length 131) 192.168.14.5.dcs >
192.168.17.212.syslog: SYSLOG, length: 103
        Facility mail (2), Severity notice (5)
        Msg: Nov 06 10:11 example.com 10:11:48.866 2
SMTPI-459393(barracuda.example.com) [10865267] received, 6909 bytes

10:06:14.322411 IP (tos 0x0, ttl 64, id 40000, offset 0, flags [DF],
proto UDP (17), length 153) 192.158.17.212.32843 >
192.168.17.198.syslog: SYSLOG, length: 125
        Facility mail (2), Severity notice (5)
        Msg: Nov  6 10:06:14 mail Nov 06 10:11 example.com
10:11:48.866 2 SMTPI-459393(barracuda.example.com) [10865267]
received, 6909 bytes\012

# Options
options {
        chain_hostnames(no);
        keep_hostname(yes);
        use_time_recvd(no);
};

# network syslog listener
source s_udp {
             udp();
             unix-stream("/dev/log");
};

destination d_test {udp("192.168.17.198"); };

log {
    source(s_udp);
    destination(d_test);
};
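
Added example, not part of the original post and not syslog-ng's own parser: a strict RFC 3164 section 4.1.2 header check and a model of the section 4.3 relay rule, run on the sent message above, whose "Nov 06 10:11" has a zero-padded day and no seconds field. Assumptions: PRI 21 is reconstructed from the decoded facility and severity, and the function names are hypothetical.

```python
import re

# RFC 3164 section 4.1.2 TIMESTAMP is "Mmm dd hh:mm:ss"; a day below 10 is
# padded with a space (not a zero) and the seconds field is mandatory.
HEADER_RE = re.compile(
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    r"(?: [1-9]|[12]\d|3[01]) (?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d) "
    r"(?P<host>[^\s:]+) (?P<msg>.*)", re.DOTALL)
PRI_RE = re.compile(r"<(\d{1,3})>")


def parse(packet):
    """Split a syslog packet into PRI and, if present, a strict RFC 3164 header."""
    pri = PRI_RE.match(packet)
    if pri is None or int(pri.group(1)) > 191:
        raise ValueError("no valid PRI")
    body = packet[pri.end():]
    hdr = HEADER_RE.fullmatch(body)
    value = int(pri.group(1))
    return {
        "facility": value >> 3,          # PRI = facility * 8 + severity
        "severity": value & 7,
        "timestamp": hdr.group("ts") if hdr else None,
        "host": hdr.group("host") if hdr else None,
        "msg": hdr.group("msg") if hdr else body,
    }


def relay(packet, recv_time, sender_name):
    """Model of the RFC 3164 section 4.3 relay rule: forward a packet with a
    valid header untouched, otherwise insert TIMESTAMP and HOSTNAME in front."""
    fields = parse(packet)
    if fields["timestamp"] is not None:
        return packet
    pri = fields["facility"] * 8 + fields["severity"]
    return "<%d>%s %s %s" % (pri, recv_time, sender_name, fields["msg"])


# Constructed from the decoded tcpdump output above: facility mail (2) and
# severity notice (5) give PRI 21; the trailing "\012" newline is left out.
SENT = ("<21>Nov 06 10:11 example.com 10:11:48.866 2 "
        "SMTPI-459393(barracuda.example.com) [10865267] received, 6909 bytes")

if __name__ == "__main__":
    out = relay(SENT, "Nov  6 10:06:14", "mail")
    print(parse(SENT))
    print(out)
    print(relay(out, "Nov  6 10:06:15", "relay2") == out)
```

The same check on the receiving side shows whether a stored line carries one header or two, which matters when host and time fields are later used for correlation.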

