[syslog-ng] Win syslog-agent PRI
Tiago Gomes da Silva Mendo
tiago-g-mendo at telecom.pt
Mon Jan 28 12:54:19 CET 2008
>On Mon, 2008-01-28 at 11:05 +0000, Tiago Gomes da Silva Mendo wrote:
>> Hi,
>>
>>
>>
>> I have syslog-ng-premium-edition (2.1.8) on an Debian etch and
>> multiple linuxs sending syslog messages to this server, using
>> diferents PRIs.
>>
>> The problem is with the windows agent (2.1.4). In the windows agent I
>> have an message format like this: "<182>$DATE $HOST $EVENT_SOURCE:
>> $MSG", but at the server the received PRI is not 182.
>>
>> At the server I get messages with the correct PRI when the syslog-ng
>> agent is restarted:
>>
>>
>>
>> "Jan 28 10:57:41 10.176.25.108 LogRelay: Application started", with
>> local6 and info, but every message I send through syslog-ng agent
>> arrives at the server with user/notice (PRI 13).
>
>Are you reading messages from files or you are sending out the EventLog
>records?
>
>If my assumption is true, then the difference between the LogRelay entry
>and the other messages is that the LogRelay entry is coming from the
>EventLog, and the others come from files, right?
>
>I ask my collegue to look into this.
>
>--
>Bazsi
You are rigth.
The messages from the eventlog containers are getting to the server with the right PRI, but the ones from the files don't.
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080128/84baf4f7/attachment.htm
More information about the syslog-ng
mailing list