[syslog-ng] syslog-ng relay pre-pends headers
Mike Fratto
mfratto at gmail.com
Thu Nov 8 15:26:21 CET 2007
Thanks Baszi. It's the little things.
On Nov 8, 2007 2:47 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:
> > 10:06:14.322290 IP (tos 0x0, ttl 127, id 29867, offset 0, flags
> > [none], proto UDP (17), length 131) 192.168.14.5.dcs >
> > 192.168.17.212.syslog: SYSLOG, length: 103
> > Facility mail (2), Severity notice (5)
> > Msg: Nov 06 10:11 example.com 10:11:48.866 2
> > SMTPI-459393(barracuda.example.com) [10865267] received, 6909 bytes
>
> the problem is that the timestamp is not complete, it does not contain
> second information. As it is not properly formatted, syslog-ng assumes
> that it's not RFC3164 and takes the complete line as a message.
More information about the syslog-ng
mailing list