[syslog-ng] Win syslog-agent PRI
Balazs Scheidler
bazsi at balabit.hu
Mon Jan 28 16:04:18 CET 2008
On Mon, 2008-01-28 at 11:54 +0000, Tiago Gomes da Silva Mendo wrote:
> >On Mon, 2008-01-28 at 11:05 +0000, Tiago Gomes da Silva Mendo wrote:
> >> Hi,
> >>
> >>
> >>
> >> I have syslog-ng-premium-edition (2.1.8) on an Debian etch and
> >> multiple linuxs sending syslog messages to this server, using
> >> diferents PRIs.
> >>
> >> The problem is with the windows agent (2.1.4). In the windows agent I
> >> have an message format like this: “<182>$DATE $HOST $EVENT_SOURCE:
> >> $MSG”, but at the server the received PRI is not 182.
> >>
> >> At the server I get messages with the correct PRI when the syslog-ng
> >> agent is restarted:
> >>
> >>
> >>
> >> “Jan 28 10:57:41 10.176.25.108 LogRelay: Application started”, with
> >> local6 and info, but every message I send through syslog-ng agent
> >> arrives at the server with user/notice (PRI 13).
> >
> >Are you reading messages from files or you are sending out the EventLog
> >records?
> >
> >If my assumption is true, then the difference between the LogRelay entry
> >and the other messages is that the LogRelay entry is coming from the
> >EventLog, and the others come from files, right?
> >
> >I ask my collegue to look into this.
> >
I've talked to my collegue, and as it seems the 2.1.x version of the
agent does not support templates for lines coming from file sources.
However the upcoming 2.2 version already does, but it's not ready for
public consumption yet.
--
Bazsi
More information about the syslog-ng
mailing list