[syslog-ng] syslog-ng relay pre-pends headers
Mike Fratto
mfratto at gmail.com
Tue Nov 6 16:27:53 CET 2007
Baszi,
I am inspecting on the relay itself. Pasted below is the sent message
and the relayed message. The sent message appears to be rfc3164
formatted already. In the relayed message, syslog-ng pre-pends the
sent time stamp and the hostname onto the existing message. For
messages that send raw non rfc-3164 formatted messages, that OK
(desired in fact), but sources that do send rfc-3164 formatted
messages, it's redundant. I also pasted my config file at the end.
I started out wanting syslog-ng to transparently forward messages. So
is what I am seeing the expected behavior?
But after looking more deeply at the sources, what I want to do is
have syslog-ng reformat non-rfc3164 messages to that format (which I
can do with macros).
mike
10:06:14.322290 IP (tos 0x0, ttl 127, id 29867, offset 0, flags
[none], proto UDP (17), length 131) 192.168.14.5.dcs >
192.168.17.212.syslog: SYSLOG, length: 103
Facility mail (2), Severity notice (5)
Msg: Nov 06 10:11 example.com 10:11:48.866 2
SMTPI-459393(barracuda.example.com) [10865267] received, 6909 bytes
10:06:14.322411 IP (tos 0x0, ttl 64, id 40000, offset 0, flags [DF],
proto UDP (17), length 153) 192.158.17.212.32843 >
192.168.17.198.syslog: SYSLOG, length: 125
Facility mail (2), Severity notice (5)
Msg: Nov 6 10:06:14 mail Nov 06 10:11 example.com
10:11:48.866 2 SMTPI-459393(barracuda.example.com) [10865267]
received, 6909 bytes\012
# Options
options {
chain_hostnames(no);
keep_hostname(yes);
use_time_recvd(no);
};
# network syslog listener
source s_udp {
udp();
unix-stream("/dev/log");
};
destination d_test {udp("192.168.17.198"); };
log {
source(s_udp);
destination(d_test);
};
More information about the syslog-ng
mailing list