[syslog-ng] Win syslog-agent PRI

Balazs Scheidler bazsi at balabit.hu
Mon Jan 28 12:32:38 CET 2008


On Mon, 2008-01-28 at 11:05 +0000, Tiago Gomes da Silva Mendo wrote:
> Hi,
> 
>  
> 
> I have syslog-ng-premium-edition (2.1.8) on an Debian etch and
> multiple linuxs sending syslog messages to this server, using
> diferents PRIs.
> 
> The problem is with the windows agent (2.1.4). In the windows agent I
> have an message format like this: “<182>$DATE $HOST $EVENT_SOURCE:
> $MSG”, but at the server the received PRI is not 182. 
> 
> At the server I get messages with the correct PRI when the syslog-ng
> agent is restarted:
> 
>  
> 
> “Jan 28 10:57:41 10.176.25.108 LogRelay: Application started”, with
> local6 and info, but every message I send through syslog-ng agent
> arrives at the server with user/notice (PRI 13).

Are you reading messages from files or you are sending out the EventLog
records?

If my assumption is true, then the difference between the LogRelay entry
and the other messages is that the LogRelay entry is coming from the
EventLog, and the others come from files, right?

I ask my collegue to look into this.

-- 
Bazsi



More information about the syslog-ng mailing list