[syslog-ng] datetime stamp of syslog-ng...
Balazs Scheidler
bazsi at balabit.hu
Wed Jan 2 09:51:27 CET 2008
On Wed, 2008-01-02 at 09:45 +0530, Anant Athavale wrote:
> Dear List,
>
> I am redirecting a system log of one server to a centralized log
> server running syslog-ng. When we redirect, syslog-ng adds its own
> datetime stamp before the actual log entry for each line. Due to
> this, one of the log processing software does not recognize the format
> and does not generate any reports. If I remove those 4 fields (Month
> Name, Date, Year and IP address) for ex: Jan 2 2008 10.10.10.10 (here
> 10.10.10.10 is the IP address of the system whose logs are getting
> stored in central log server) that log processing software works as
> expected and generates report.
>
> Is it possible to block those fields from being recorded? If
> yes, how? And if not, what is the alternative?

Syslog-ng tries to parse the time stamp of the original message, and if
it is not in a proper format, it assumes the timestamp is part of the
message itself and adds a complete syslog header; that's why you see
that a timestamp is prepended.

Can you show us an example of the original message?

Once the timestamp is parsed, syslog-ng regenerates it according to the
template used and the ts_format() global option.

--
Bazsi
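
The behaviour described in the reply above, as an added example that is not part of the original message and is not syslog-ng's own code: a simplified Python model of a relay that either regenerates a recognised BSD-style timestamp or, when none is found, treats the whole line as the message and prepends a new header. The names relay, format_ts and BSD_TS and the sample lines are assumptions made for illustration; only the "bsd" and "iso" styles are modelled.

```python
import re
from datetime import datetime

# Simplified model of the behaviour described in the thread; this is not
# syslog-ng's parser. All names here are hypothetical.
BSD_TS = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

# Constructed sample input: one line with a BSD-style header, one without.
WITH_HEADER = "<13>Jan  2 09:45:01 web01 sshd[411]: session opened"
WITHOUT_HEADER = "<13>2008-01-02 09:45:01 app: started"

def format_ts(dt, ts_format):
    """Render a timestamp in a 'bsd' or 'iso' style."""
    if ts_format == "iso":
        return dt.isoformat()
    # BSD style: space-padded day of month, no year
    return f"{dt:%b} {dt.day:2d} {dt:%H:%M:%S}"

def relay(line, sender_ip, received_at, ts_format="bsd"):
    """Return the line a relay would write for one received message."""
    m = BSD_TS.match(line)
    if m:
        # Header recognised: keep the sender's time and host, and
        # regenerate the timestamp in the configured style.
        ts = datetime.strptime(f"{received_at.year} {m['ts']}",
                               "%Y %b %d %H:%M:%S")
        return f"{format_ts(ts, ts_format)} {m['host']} {m['msg']}"
    # No parseable header: the whole line is the message, and a new
    # header (receipt time plus sender address) is prepended.
    body = re.sub(r"^<\d{1,3}>", "", line)
    return f"{format_ts(received_at, ts_format)} {sender_ip} {body}"

if __name__ == "__main__":
    now = datetime(2008, 1, 2, 9, 51, 27)
    for sample in (WITH_HEADER, WITHOUT_HEADER):
        print(relay(sample, "10.10.10.10", now))
```

In the second sample the sender's own date survives inside the message body, after the prepended header, which is the kind of doubled prefix a downstream log processor may fail to recognise.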